CVE-2026-39846
CVE-2026-39846 – SiYuan Electron desktop client is affected prior to 3.6.4. A crafted note with table caption content that is stored without safe escaping can be unescaped in rendered HTML, creating a stored XSS sink. Since the desktop renderer runs with nodeIntegration enabled and contextIsolati...