PT-2026-43087 · Unknown · Markdown-Downloader

Kkkkko

·

Published

2026-05-25

·

Updated

2026-05-25

·

CVE-2026-9472

CVSS v2.0

6.5

Medium

VectorAV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions dazeb markdown-downloader versions up to 3d4394b34b6c99d81af817623af55e3384df5a6a
Description A flaw in the create subdirectory() function within the download markdown/list downloaded files path of the src/index.ts file allows for remote path traversal. Path traversal is a technique that enables an attacker to access files and directories that are stored outside the intended folder.
Recommendations As a temporary workaround, consider restricting the use of the create subdirectory() function until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-9472

Affected Products

Markdown-Downloader