PT-2026-55760 · Unknown · Markdownify-Mcp

Dem000000

·

Published

2026-07-05

·

Updated

2026-07-05

·

CVE-2026-14699

CVSS v3.1

3.3

Low

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions zcaceres markdownify-mcp versions prior to 1.1.1
Description A weakness exists in the assertPathAllowed() function within the src/Markdownify.ts file. A local attacker can perform a manipulation that leads to symlink following, which occurs when the software follows a symbolic link to access a file or directory outside of the intended path.
Recommendations Update to a version newer than 1.1.0. As a temporary workaround, restrict local access to the assertPathAllowed() function until the fix is officially accepted and released.

Fix

Link Following

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-14699

Affected Products

Markdownify-Mcp