CVE-2026-33067 — SiYuan is a personal knowledge management system. Versions 3.6.0 and below render package metadata fields (displayName, description) using template literals without HTML escaping. A malicious package — CVE Database · The Intelligence Room