Description
A weakness has been identified in zcaceres markdownify-mcp up to 1.1.0. The affected element is the function assertPathAllowed of the file src/Markdownify.ts. Executing a manipulation can lead to symlink following. The attack can only be executed locally. The pull request to fix this issue awaits acceptance.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
No advisories yet.
References
History
Sun, 05 Jul 2026 04:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A weakness has been identified in zcaceres markdownify-mcp up to 1.1.0. The affected element is the function assertPathAllowed of the file src/Markdownify.ts. Executing a manipulation can lead to symlink following. The attack can only be executed locally. The pull request to fix this issue awaits acceptance. | |
| Title | zcaceres markdownify-mcp Markdownify.ts assertPathAllowed symlink | |
| First Time appeared |
Zcaceres
Zcaceres markdownify-mcp |
|
| Weaknesses | CWE-59 CWE-61 |
|
| CPEs | cpe:2.3:a:zcaceres:markdownify-mcp:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Zcaceres
Zcaceres markdownify-mcp |
|
| References |
| |
| Metrics |
cvssV2_0
|
Status: PUBLISHED
Assigner: VulDB
Published:
Updated: 2026-07-05T03:15:08.112Z
Reserved: 2026-07-04T05:22:43.104Z
Link: CVE-2026-14699
No data.
No data.
No data.
OpenCVE Enrichment
No data.