{"vulnerability": "CVE-2026-55570", "sightings": [{"uuid": "a548eb92-562e-4d8c-996d-de6243a8dca7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-55570", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mp3brvvwqm2f", "content": "CRITICAL: SiYuan <3.7.0 vulnerable to XSS (CVE-2026-55570) \u2014 desktop client can be fully compromised via OS command execution. Update to 3.7.0+ now. https://radar.offseq.com/threat/cve-2026-55570-cwe-79-improper-neutralization-of-i-34ddb800ffc94efb #OffSeq #XSS #SiYuan", "creation_timestamp": "2026-06-25T01:30:27.519110Z"}, {"uuid": "b0c4ea43-c9fb-4212-8791-8fae3996fdac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-55570", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116808156714813443", "content": "CVE-2026-55570: CRITICAL XSS in SiYuan (<3.7.0) enables arbitrary HTML injection. On the desktop client, attackers can escalate to OS command execution due to nodeIntegration. Upgrade to 3.7.0+ now! https://radar.offseq.com/threat/cve-2026-55570-cwe-79-improper-neutralization-of-i-34ddb800ffc94efb #OffSeq #XSS #Vuln #SiYuan", "creation_timestamp": "2026-06-25T01:30:35.953530Z"}, {"uuid": "b7919bb2-668a-4f11-9f66-54e166dce529", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-55570", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mp3cbffawf2p", "content": "CVE-2026-55570 - SiYuan: Stored XSS results to Electron RCE in SiYuan marketplace via unescaped `data-obj` attribute (Bypass for CVE-2026-45375's patch)\nCVE ID : CVE-2026-55570\n \n Published : June 24, 2026, 9:24 p.m. | 3\u00a0hours, 46\u00a0minutes ago\n \n Description : SiYuan is an open...", "creation_timestamp": "2026-06-25T01:39:07.469839Z"}]}