Product
A critical vulnerability (CVE-2026-54069) in SiYuan Note kernel's HTTP server allows any Chrome/Chromium browser extension to gain unauthenticated RoleAdministrator access, enabling data exfiltration, stored XSS injection, and configuration tampering for SiYuan desktop users, including via compromised legitimate extensions.