A vulnerability classified as problematic was found in SiYuan up to 3.6.x . This impacts the function JSON.stringify of the component HTML Attribute Handler . Such manipulation leads to HTML injection. This vulnerability is documented as CVE-2026-55570 . The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is advised.