Skip to main content

Markdownify Mcp

2 CVEs product

Monthly

CVE-2026-14702 LOW POC PATCH Monitor

Insufficiently random temporary file naming in markdownify-mcp (zcaceres, versions through 1.1.0) exposes transiently written content to local users who can predict or race the generated file path. The saveToTempFile function in src/Markdownify.ts affects the webpage-to-markdown, youtube-to-markdown, and bing-search-to-markdown conversion pipelines, allowing a co-located attacker to read converted content before cleanup. No active exploitation has been confirmed (not in CISA KEV), though a proof-of-concept is publicly available; the overall risk is low given the local-only, high-complexity attack requirements reflected in the CVSS 4.0 score of 2.0.

Information Disclosure Markdownify Mcp
NVD VulDB GitHub
CVSS 4.0
1.1
EPSS
0.1%
CVE-2026-14699 MEDIUM PATCH This Month

Symlink following in zcaceres markdownify-mcp up to version 1.1.0 allows a local low-privilege user to read files outside the intended directory boundary by exploiting insufficient path resolution in the `assertPathAllowed` function of `src/Markdownify.ts`. The function evaluates the user-supplied symbolic path rather than its canonicalized target, enabling an attacker to bypass the path restriction check and disclose arbitrary local files. No public exploit code exists at time of analysis, the vulnerability is not listed in CISA KEV, and a fix is pending as an unmerged pull request.

Information Disclosure Markdownify Mcp
NVD VulDB GitHub
CVSS 4.0
4.8
EPSS
0.1%
EPSS 0% CVSS 1.1
LOW POC PATCH Monitor

Insufficiently random temporary file naming in markdownify-mcp (zcaceres, versions through 1.1.0) exposes transiently written content to local users who can predict or race the generated file path. The saveToTempFile function in src/Markdownify.ts affects the webpage-to-markdown, youtube-to-markdown, and bing-search-to-markdown conversion pipelines, allowing a co-located attacker to read converted content before cleanup. No active exploitation has been confirmed (not in CISA KEV), though a proof-of-concept is publicly available; the overall risk is low given the local-only, high-complexity attack requirements reflected in the CVSS 4.0 score of 2.0.

Information Disclosure Markdownify Mcp
NVD VulDB GitHub
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

Symlink following in zcaceres markdownify-mcp up to version 1.1.0 allows a local low-privilege user to read files outside the intended directory boundary by exploiting insufficient path resolution in the `assertPathAllowed` function of `src/Markdownify.ts`. The function evaluates the user-supplied symbolic path rather than its canonicalized target, enabling an attacker to bypass the path restriction check and disclose arbitrary local files. No public exploit code exists at time of analysis, the vulnerability is not listed in CISA KEV, and a fix is pending as an unmerged pull request.

Information Disclosure Markdownify Mcp
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy