CVE-2026-40318 | SiYuan up to 3.6.3 removeUnusedAttributeView ID path traversal (GHSA-vw86-c94w-v3x4)

A vulnerability was found in SiYuan up to 3.6.3. It has been classified as problematic. Affected by this issue is some unknown functionality of the file /api/av/removeUnusedAttributeView. This manipulation of the argument ID causes path traversal: ‘../filedir’.

This vulnerability is registered as CVE-2026-40318. Remote exploitation of the attack is possible. No exploit is available.

Upgrading the affected component is recommended.VulDB Recent EntriesRead More