Severity by source
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Local-only access with low privileges required; high complexity to time a temp-file race; impact is limited to low confidentiality of converted content with no integrity or availability effect.
Primary rating from Vendor (VulDB).
CVSS VectorVendor: VulDB
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
A flaw has been found in zcaceres markdownify-mcp up to 1.1.0. This impacts the function saveToTempFile of the file src/Markdownify.ts of the component webpage-to-markdown/youtube-to-markdown/bing-search-to-markdown. This manipulation causes insufficiently random values. The attack is restricted to local execution. A high degree of complexity is needed for the attack. The exploitability is said to be difficult. The exploit has been published and may be used. The pull request to fix this issue awaits acceptance.
AnalysisAI
Insufficiently random temporary file naming in markdownify-mcp (zcaceres, versions through 1.1.0) exposes transiently written content to local users who can predict or race the generated file path. The saveToTempFile function in src/Markdownify.ts affects the webpage-to-markdown, youtube-to-markdown, and bing-search-to-markdown conversion pipelines, allowing a co-located attacker to read converted content before cleanup. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires a local account on the same host where markdownify-mcp is running (AV:L, PR:L) - remote exploitation is not possible. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 vector (AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P) and score of 2.0 are internally consistent and accurately reflect a tightly constrained risk profile: local access is mandatory, attack complexity is high, low-level privileges are required, and impact is limited to partial confidentiality of converted content with no integrity or availability effect. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A local user on a shared development server where markdownify-mcp is actively processing a webpage-to-markdown conversion waits for the tool to write its temporary file, then enumerates or predicts the insufficiently random filename and opens the file before it is deleted, reading the converted Markdown content - which may include sensitive web page data fetched by the tool operator. A proof-of-concept demonstrating this technique has been published at https://github.com/zcaceres/markdownify-mcp/issues/110. |
| Remediation | A fix has been proposed in pull request https://github.com/zcaceres/markdownify-mcp/pull/111, but this PR had not yet been merged into a tagged release at the time of analysis - the upstream fix is available but a released patched version is not independently confirmed. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Markdownify Mcp
View allSame weakness CWE-330 – Use of Insufficiently Random Values
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-41721
GHSA-cf27-pvxx-xmcj