Back to CVE List

CVE-2026-14699

LOW SEVERITY

CVSS Score & Metrics

Base Score
3.3 / 10
Vector String
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Vulnerability Description

A weakness has been identified in zcaceres markdownify-mcp up to 1.1.0. The affected element is the function assertPathAllowed of the file src/Markdownify.ts. Executing a manipulation can lead to symlink following. The attack can only be executed locally. The pull request to fix this issue awaits acceptance.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-59
Source
NVD
Vendor
zcaceres
Product
markdownify-mcp

External References

Discussion (0)

Add Comment

No comments yet. Be the first!