
markdown-downloader EUVD-2026-31704 | CVE-2026-9472 (LOW)
Path Traversal (CWE-22)
2026-05-25 · VulDB · GHSA-2wcg-qvrr-vf6j
Score: 2.1 (CVSS 4.0, NVD)

Severity by source

NVD (primary source): 2.1 LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: X (Not Defined)

Lifecycle Timeline (3 events)

Analysis Generated: Jun 08, 2026 - 13:17 (vuln.today)
Severity Changed: May 26, 2026 - 20:07 (NVD): MEDIUM → LOW
CVSS Changed: May 26, 2026 - 20:07 (NVD): 6.3 (MEDIUM) → 2.1 (LOW)

Description (CVE.org)

A flaw has been found in dazeb markdown-downloader up to 3d4394b34b6c99d81af817623af55e3384df5a6a. Affected are the functions download_markdown, list_downloaded_files and create_subdirectory of the file src/index.ts. Executing a manipulation can lead to path traversal. The attack can be launched remotely. The exploit has been published and may be used. This product does not use versioning. This is why information about affected and unaffected releases is unavailable. The project was informed of the problem early through an issue report but has not responded yet.

Analysis (AI-generated)

Path traversal in dazeb markdown-downloader exposes the server-side file system to low-privileged remote attackers through unsanitized input in three functions within src/index.ts. The affected functions (download_markdown, list_downloaded_files, and create_subdirectory) fail to restrict directory scope, allowing authenticated users with low privileges to read or write files outside the intended boundaries. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata:

Access: Authenticate with low-privilege credentials
Delivery: Send crafted path input to exposed endpoint
Exploit: Trigger unsanitized path.join/resolve in src/index.ts
Execution: Traverse outside intended directory via '../' sequences
Impact: Read or write arbitrary accessible files

Vulnerability Assessment (AI-generated)

Exploitation: Exploitation requires the attacker to hold at least low-privilege authenticated access to the application or API exposing markdown-downloader functionality, as confirmed by CVSS 4.0 PR:L. … Additional conditions and limiting factors are described in the full assessment.

Risk Assessment: The overall risk signal from multiple sources is low-to-moderate despite the presence of publicly available exploit code. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.

Exploit Scenario: A low-privileged authenticated user of a web service or API backed by markdown-downloader submits a crafted filename or path parameter (for example, '../../etc/passwd') to the download_markdown or list_downloaded_files endpoint. Because the functions do not sanitize or canonicalize the input, the application resolves the traversal sequence and reads or writes a file outside the intended markdown storage directory. …

Remediation: No vendor-released patch has been identified at time of analysis. … Detailed patch versions, workarounds, and compensating controls in full report.


EUVD-2026-31704 vulnerability details – vuln.today
