{"uuid": "b0c4ea43-c9fb-4212-8791-8fae3996fdac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-55570", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116808156714813443", "content": "CVE-2026-55570: CRITICAL XSS in SiYuan (<3.7.0) enables arbitrary HTML injection. On the desktop client, attackers can escalate to OS command execution due to nodeIntegration. Upgrade to 3.7.0+ now! https://radar.offseq.com/threat/cve-2026-55570-cwe-79-improper-neutralization-of-i-34ddb800ffc94efb #OffSeq #XSS #Vuln #SiYuan", "creation_timestamp": "2026-06-25T01:30:35.953530Z"}