GHSA-mf9r-r6pc-8fc6MediumCVSS 3.3
A weakness has been identified in zcaceres markdownify-mcp up to 1.1.0. The affected element is...
🔗 CVE IDs covered (1)
📋 Description
A weakness has been identified in zcaceres markdownify-mcp up to 1.1.0. The affected element is the function assertPathAllowed of the file src/Markdownify.ts. Executing a manipulation can lead to symlink following. The attack can only be executed locally. The pull request to fix this issue awaits acceptance.
🔗 References (9)
- https://nvd.nist.gov/vuln/detail/CVE-2026-14699
- https://github.com/zcaceres/markdownify-mcp/issues/108
- https://github.com/zcaceres/markdownify-mcp/pull/109
- https://github.com/zcaceres/markdownify-mcp
- https://vuldb.com/cve/CVE-2026-14699
- https://vuldb.com/submit/846864
- https://vuldb.com/vuln/376295
- https://vuldb.com/vuln/376295/cti
- https://github.com/advisories/GHSA-mf9r-r6pc-8fc6