Critical XSS Vulnerability in SiYuan's Bazaar Marketplace (CVE-2026-56397)
A critical vulnerability (CVE-2026-56397) with a CVSS score of 9.6 was discovered in SiYuan's Bazaar marketplace. The vulnerability allows malicious package authors to inject arbitrary HTML and JavaScript into package metadata and README content, leading to remote code execution on users browsing the Bazaar. This affects SiYuan versions before v3.6.1. Immediate patching to v3.6.1 or later is recommended.