A vulnerability was found in SiYuan up to 3.6.0 . It has been rated as problematic . The affected element is an unknown function of the component Setting Handler . This manipulation causes cross site scripting. This vulnerability is handled as CVE-2026-56395 . The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is advised.