PT-2026-8355 · Unknown · Markdown Preview Enhanced

Publicado

2026-02-16

·

Atualizado

2026-02-25

·

CVE-2025-65716

CVSS v2.0

10

Alta

VetorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Visual Studio Code Extensions Markdown Preview Enhanced version 0.8.18
Description A flaw exists in Visual Studio Code Extensions Markdown Preview Enhanced version 0.8.18 that could allow attackers to execute arbitrary code. This is achieved by uploading a specially crafted .Md file. The vulnerable component is the file processing functionality within the extension. The uploadFile() function is likely involved in the processing of the malicious file. The vulnerable parameter is the uploaded .Md file itself.
Recommendations Update Visual Studio Code Extensions Markdown Preview Enhanced to a version that addresses this issue. As a temporary workaround, avoid opening or processing untrusted .Md files with this extension.

Exploit

Correção

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Enumeração de Fraquezas

Identificadores relacionados

BDU:2026-02193
CVE-2025-65716

Produtos afetados

Markdown Preview Enhanced