CVE-2026-40922 | SiYuan up to 3.6.3 Bazaar cross site scripting (GHSA-4663-4mpg-879v)

A vulnerability labeled as problematic has been found in SiYuan up to 3.6.3. The affected element is an unknown function of the component Bazaar Handler. The manipulation results in cross site scripting.

This vulnerability is known as CVE-2026-40922. It is possible to launch the attack remotely. No exploit is available.

The affected component should be upgraded.VulDB Recent EntriesRead More