CVE-2026-44588 | SiYuan up to 3.6.x app/src/block/popover.ts child_process cross site scripting (GHSA-25rp-h46x-2hjm)

A vulnerability categorized as problematic has been discovered in SiYuan up to 3.6.x. Affected by this issue is the function child_process of the file app/src/block/popover.ts. Such manipulation leads to cross site scripting.

This vulnerability is referenced as CVE-2026-44588. It is possible to launch the attack remotely. No exploit is available.

It is advisable to upgrade the affected component.VulDB Recent EntriesRead More