Product
An incomplete fix for CVE-2026-41894 in SiYuan's 'publish mode' allows unauthenticated remote attackers to perform path traversal by double URL-encoding '..' segments in requests to the '/assets/*path' route, leading to the read of arbitrary files within the 'WorkspaceDir'.