Skip to main content

markdownify-mcp CVE-2026-14702

| EUVDEUVD-2026-41721 LOW
Use of Insufficiently Random Values (CWE-330)
2026-07-05 VulDB GHSA-cf27-pvxx-xmcj
1.1
CVSS 4.0 · Vendor: VulDB

Severity by source

Vendor (VulDB) PRIMARY
1.1 LOW
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
2.5 LOW

Local-only access with low privileges required; high complexity to time a temp-file race; impact is limited to low confidentiality of converted content with no integrity or availability effect.

3.1 AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
4.0 AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (VulDB).

CVSS VectorVendor: VulDB

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

2
CVSS changed
Jul 05, 2026 - 05:22 NVD
2.0 (LOW) 1.1 (LOW)
Analysis Generated
Jul 05, 2026 - 04:52 vuln.today

DescriptionCVE.org

A flaw has been found in zcaceres markdownify-mcp up to 1.1.0. This impacts the function saveToTempFile of the file src/Markdownify.ts of the component webpage-to-markdown/youtube-to-markdown/bing-search-to-markdown. This manipulation causes insufficiently random values. The attack is restricted to local execution. A high degree of complexity is needed for the attack. The exploitability is said to be difficult. The exploit has been published and may be used. The pull request to fix this issue awaits acceptance.

AnalysisAI

Insufficiently random temporary file naming in markdownify-mcp (zcaceres, versions through 1.1.0) exposes transiently written content to local users who can predict or race the generated file path. The saveToTempFile function in src/Markdownify.ts affects the webpage-to-markdown, youtube-to-markdown, and bing-search-to-markdown conversion pipelines, allowing a co-located attacker to read converted content before cleanup. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain local account on shared host
Delivery
Detect active markdownify-mcp conversion operation
Exploit
Predict or enumerate insufficiently random temp file path
Execution
Race to open and read temp file before deletion
Impact
Obtain converted Markdown content

Vulnerability AssessmentAI

Exploitation Exploitation requires a local account on the same host where markdownify-mcp is running (AV:L, PR:L) - remote exploitation is not possible. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 vector (AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P) and score of 2.0 are internally consistent and accurately reflect a tightly constrained risk profile: local access is mandatory, attack complexity is high, low-level privileges are required, and impact is limited to partial confidentiality of converted content with no integrity or availability effect. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A local user on a shared development server where markdownify-mcp is actively processing a webpage-to-markdown conversion waits for the tool to write its temporary file, then enumerates or predicts the insufficiently random filename and opens the file before it is deleted, reading the converted Markdown content - which may include sensitive web page data fetched by the tool operator. A proof-of-concept demonstrating this technique has been published at https://github.com/zcaceres/markdownify-mcp/issues/110.
Remediation A fix has been proposed in pull request https://github.com/zcaceres/markdownify-mcp/pull/111, but this PR had not yet been merged into a tagged release at the time of analysis - the upstream fix is available but a released patched version is not independently confirmed. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-14702 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy