CVE-2026-11422 | shd101wyy Markdown Preview Enhanced/crossnote window.eval eval injection (Issue 2315)

A vulnerability described as problematic has been identified in shd101wyy Markdown Preview Enhanced and crossnote. This issue affects the function window.eval. Executing a manipulation can lead to improper neutralization of directives in dynamically evaluated code.

This vulnerability is registered as CVE-2026-11422. The attack needs to be launched locally. No exploit is available.

Upgrading the affected component is recommended.VulDB Recent EntriesRead More