CVE-2025-58358

Name of the Vulnerable Software and Affected Versions Markdownify versions prior to 0.0.2

Description Markdownify is a Model Context Protocol server for converting content to Markdown. Versions prior to 0.0.2 contain a command injection issue, caused by the unsanitized use of input parameters within a call to child process.exec. Successful exploitation can lead to remote code execution under the server process's privileges. The server constructs and executes shell commands using unvalidated user input directly within command-line strings, introducing the possibility of shell metacharacter injection.

Recommendations Update to version 0.0.2 or later.