XSS in Siyuan-note Siyuan

CVE-2026-59855

SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, Asset.render in app/src/asset/index.ts interpolates the unsanitized this.path value into HTML assigned to innerHTML, allowing a crafted asset link containing a…

Affected products

Weakness classification (CWE)

References