A vulnerability labeled as problematic has been found in SiYuan up to 3.6.x . Impacted is an unknown function of the component Transaction Handler . Such manipulation leads to cross site scripting. This vulnerability is traded as CVE-2026-44670 . The attack may be launched remotely. There is no exploit available. The affected component should be upgraded.