A vulnerability described as problematic has been identified in shd101wyy Markdown Preview Enhanced and crossnote . This issue affects the function window.eval . Executing a manipulation can lead to improper neutralization of directives in dynamically evaluated code. This vulnerability is registered as CVE-2026-11422 . The attack needs to be launched locally. No exploit is available. Upgrading the affected component is recommended.