A vulnerability has been found in SiYuan up to 3.6.x and classified as problematic . Affected by this issue is the function renderSnippet . The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2026-54067 . It is possible to initiate the attack remotely. There is no exploit available. The affected component should be upgraded.