A weakness has been identified in zcaceres markdownify-mcp up to 1.1.0. The affected element is the function assertPathAllowed of the file src/Markdownify.ts. Executing a manipulation can lead to symlink following. The attack can only be executed locally. The pull request to fix this issue awaits acceptance.
Metrics
Affected Vendors & Products
References
History
Sun, 05 Jul 2026 04:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A weakness has been identified in zcaceres markdownify-mcp up to 1.1.0. The affected element is the function assertPathAllowed of the file src/Markdownify.ts. Executing a manipulation can lead to symlink following. The attack can only be executed locally. The pull request to fix this issue awaits acceptance. | |
| Title | zcaceres markdownify-mcp Markdownify.ts assertPathAllowed symlink | |
| First Time appeared |
Zcaceres
Zcaceres markdownify-mcp |
|
| Weaknesses | CWE-59 CWE-61 |
|
| CPEs | cpe:2.3:a:zcaceres:markdownify-mcp:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Zcaceres
Zcaceres markdownify-mcp |
|
| References |
| |
| Metrics |
cvssV2_0
|
Status: PUBLISHED
Assigner: VulDB
Published:
Updated: 2026-07-05T03:15:08.112Z
Reserved: 2026-07-04T05:22:43.104Z
Link: CVE-2026-14699
No data.
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-05T09:15:16Z