A vulnerability was found in SiYuan up to 3.6.5 . It has been classified as problematic . This vulnerability affects unknown code of the file plugin.json of the component Setting Handler . The manipulation leads to cross site scripting. This vulnerability is listed as CVE-2026-45375 . The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is recommended.