CVE-2026-55570: CRITICAL XSS in SiYuan (<3.7.0) enables arbitrary HTML injection. On the desktop client, attackers can escalate to OS command execution due to nodeIntegration. Upgrade to 3.7.0+ now! https://radar.offseq.com/threat/cve-2026-55570-cwe-79-improper-neutralization-of-i-34ddb800ffc94efb #OffSeq #XSS #Vuln #SiYuan