PT-2025-23142 · Unknown · Mcp-Markdownify-Server

Raul Onitza-Klugman · Published 2025-05-29 · Updated 2025-09-08 · CVE-2025-5276

CVSS v3.1: 7.4 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: mcp-markdownify-server, all versions

Description: The issue is a Server-Side Request Forgery (SSRF) via the Markdownify.get() function. An attacker can craft a prompt that, once processed by the MCP host, invokes the webpage-to-markdown, bing-search-to-markdown, and youtube-to-markdown tools to issue requests to attacker-controlled URLs and read the responses, potentially leaking sensitive information.

Recommendations: As a temporary workaround, consider disabling the Markdownify.get() function until a patch is available. Restrict access to the webpage-to-markdown, bing-search-to-markdown, and youtube-to-markdown tools to minimize the risk of exploitation. Avoid using the Markdownify.get() function in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
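The recommendation above is to restrict what the URL-fetching tools may reach. The following is an added illustration of such a restriction, written for this advisory and not taken from mcp-markdownify-server: an outbound-URL guard that a webpage-to-markdown style tool would call before fetching. The function names, the injected list of resolved addresses, and the optional host allowlist are assumptions made for the example; the blocked address ranges are the standard loopback, private, link-local (including the cloud metadata endpoint), CGNAT, multicast and reserved ranges.

```typescript
// Added example (not code from mcp-markdownify-server): a guard that decides
// whether a tool acting on a prompt-supplied URL may fetch it. Hostname
// resolution is injected by the caller so the check is deterministic and
// runs offline; in a real tool the caller resolves the name, passes the
// addresses here, and then connects to exactly the address it validated
// (otherwise a second lookup at connect time reopens DNS-rebinding).
import { URL } from "node:url";
import * as net from "node:net";

type Verdict = { allowed: true } | { allowed: false; reason: string };

// IPv4 ranges an outbound fetch made on behalf of a prompt must never reach.
const BLOCKED_IPV4: string[] = [
  "0.0.0.0/8",       // "this network"
  "10.0.0.0/8",      // RFC 1918 private
  "100.64.0.0/10",   // CGNAT shared space
  "127.0.0.0/8",     // loopback
  "169.254.0.0/16",  // link-local, includes 169.254.169.254 metadata endpoint
  "172.16.0.0/12",   // RFC 1918 private
  "192.168.0.0/16",  // RFC 1918 private
  "224.0.0.0/4",     // multicast
  "240.0.0.0/4",     // reserved
];

// Dotted-quad IPv4 -> unsigned 32-bit integer, or undefined if not IPv4.
function ipv4ToInt(ip: string): number | undefined {
  if (!net.isIPv4(ip)) return undefined;
  return ip.split(".").reduce((acc, octet) => ((acc << 8) | Number(octet)) >>> 0, 0);
}

function inCidr(ipInt: number, cidr: string): boolean {
  const [base, prefix] = cidr.split("/");
  const bits = Number(prefix);
  const mask = bits === 0 ? 0 : (0xffffffff << (32 - bits)) >>> 0;
  return ((ipInt & mask) >>> 0) === ((ipv4ToInt(base)! & mask) >>> 0);
}

// True if the address is one a tool must not connect to. Fails closed on
// anything it does not recognise.
function isBlockedIp(ip: string): boolean {
  const v4 = ipv4ToInt(ip);
  if (v4 !== undefined) return BLOCKED_IPV4.some((c) => inCidr(v4, c));
  if (!net.isIPv6(ip)) return true;
  const v6 = ip.toLowerCase();
  if (v6.startsWith("::ffff:")) {
    // IPv4-mapped IPv6 is judged by its IPv4 part; the hex-form mapping
    // (::ffff:a01:203) is not decoded here and is therefore refused.
    const inner = v6.slice(7);
    return net.isIPv4(inner) ? isBlockedIp(inner) : true;
  }
  if (v6 === "::1" || v6 === "::") return true;                // loopback / unspecified
  if (v6.startsWith("fc") || v6.startsWith("fd")) return true; // fc00::/7 unique local
  if (/^fe[89ab]/.test(v6)) return true;                       // fe80::/10 link-local
  return false;
}

function parseUrl(raw: string): URL | undefined {
  try { return new URL(raw); } catch { return undefined; }
}

// `resolvedIps`: the addresses the caller resolved the hostname to.
// `allowedHosts`: optional exact-hostname allowlist, enforced first.
function checkOutboundUrl(raw: string, resolvedIps: string[], allowedHosts?: string[]): Verdict {
  const url = parseUrl(raw);
  if (url === undefined) return { allowed: false, reason: "unparseable URL" };
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    return { allowed: false, reason: `scheme ${url.protocol} not permitted` };
  }
  if (url.username !== "" || url.password !== "") {
    return { allowed: false, reason: "credentials embedded in URL" };
  }
  // URL.hostname keeps the brackets around an IPv6 literal; strip them.
  const host = url.hostname.replace(/^\[|\]$/g, "");
  if (allowedHosts !== undefined && !allowedHosts.includes(host)) {
    return { allowed: false, reason: `host ${host} not in allowlist` };
  }
  // An IP literal is judged directly; a name is judged by every address it
  // resolved to, so a name with one private A record is still refused.
  const candidates = net.isIP(host) ? [host] : resolvedIps;
  if (candidates.length === 0) return { allowed: false, reason: "hostname did not resolve" };
  const bad = candidates.find(isBlockedIp);
  if (bad !== undefined) return { allowed: false, reason: `${host} resolves to blocked address ${bad}` };
  return { allowed: true };
}
```

A tool would call `checkOutboundUrl(promptSuppliedUrl, addressesFromLookup, ["docs.example"])` and only proceed on `allowed: true`, logging the `reason` otherwise; the allowlist argument is the stricter form of the advisory's "restrict access" advice, while the range check alone covers the case where arbitrary public sites must remain reachable.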

Exploit: SSRF

Weakness Enumeration

Related Identifiers: CVE-2025-5276, GHSA-FRQ9-3HP2-XVXG

Affected Products: Mcp-Markdownify-Server