CVE-2026-14699
LOW SEVERITYCVSS Score & Metrics
Base Score
3.3 / 10
Vector String
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Vulnerability Description
A weakness has been identified in zcaceres markdownify-mcp up to 1.1.0. The affected element is the function assertPathAllowed of the file src/Markdownify.ts. Executing a manipulation can lead to symlink following. The attack can only be executed locally. The pull request to fix this issue awaits acceptance.
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-59
Source
NVD
Vendor
zcaceres
Product
markdownify-mcp
Discussion (0)
Add Comment
No comments yet. Be the first!