Description
A flaw has been found in dazeb markdown-downloader up to commit 3d4394b34b6c99d81af817623af55e3384df5a6a. Affected are the functions download_markdown, list_downloaded_files and create_subdirectory of the file src/index.ts. Manipulating their input can lead to path traversal. The attack can be launched remotely. The exploit has been published and may be used. This product does not use versioning, which is why information about affected and unaffected releases is unavailable. The project was informed of the problem early through an issue report but has not responded yet.
Published: 2026-05-25
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability lies in the create_subdirectory function of the dazeb markdown-downloader project. An attacker can supply a specially crafted path that causes the function to resolve outside the designated download directory, resulting in a directory traversal flaw (CWE-22). The flaw allows the creation of files on arbitrary paths on the host file system, potentially exposing or modifying sensitive data and creating conditions that could lead to further compromise.

Affected Systems

Any installation of the dazeb markdown-downloader up to commit 3d4394b34b6c99d81af817623af55e3384df5a6a is affected. The project does not publish version numbers, which means that any deployment of the current codebase is potentially vulnerable. No official patch is available, and the repository owner has not responded to reported issues.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity, and the fact that an exploit is publicly available implies a higher likelihood of use. The EPSS score is not available, so the precise exploitation probability cannot be quantified, but the existence of an exploit indicates that the risk is non-negligible. The vulnerability is not listed in the CISA KEV catalog. Attackers can trigger the flaw by sending a remote download request containing a malicious path; no local privilege is required, making the attack straightforward once the service is reachable.

Generated by OpenCVE AI on May 25, 2026 at 17:50 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Check the dazeb repository for an updated commit that removes the insecure path handling; if no patch exists, consider disabling the markdown downloading feature until a safe release is provided.
  • Reimplement the create_subdirectory logic so that the resolved path is validated against the intended base directory, preventing traversal outside that base.
  • Run the downloader component inside a container or a chroot jail, limiting its filesystem exposure to only the required directories, thus containing any potentially malicious files created by an attacker.
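The path validation recommended in the second action above, as an added example in TypeScript (the language of src/index.ts). This is not the project's code: the base directory, the function names and the sample inputs are constructed for illustration. It shows the hardened check beside the plain string-prefix test that lets a sibling directory through:

```typescript
import * as path from "path";

// Constructed base directory for the example; the real project's download
// directory is not stated in the advisory.
const BASE_DIR = "/srv/markdown-downloads";

// Hypothetical hardened helper (not the project's code): resolve a
// caller-supplied name against the base directory and return the absolute
// path only if it is still inside that base. Returns null on escape.
function resolveInsideBase(baseDir: string, userPath: string): string | null {
  // NUL bytes can truncate the path at the OS layer; reject them outright.
  if (userPath.includes("\0")) return null;
  const base = path.posix.resolve(baseDir);
  // resolve() collapses "." and ".." segments and duplicate slashes, and an
  // absolute userPath such as "/etc/passwd" replaces the base entirely.
  const target = path.posix.resolve(base, userPath);
  // relative() is "" for the base itself, a plain relative path for
  // descendants, and ".." or "../..." when target lies outside base.
  const rel = path.posix.relative(base, target);
  if (rel === "") return target;
  if (rel === ".." || rel.startsWith("../")) return null;
  return target;
}

// The common insecure pattern: a plain string-prefix test. It lets
// "../markdown-downloads2/x.md" through because the resolved string still
// starts with the base directory string.
function naivePrefixCheck(baseDir: string, userPath: string): boolean {
  return path.posix.resolve(baseDir, userPath).startsWith(baseDir);
}

// Constructed sample inputs: benign names, dot segments, traversal, an
// absolute path, a sibling-directory prefix collision and a legitimate
// name that happens to start with "..".
const SAMPLES = [
  "docs/readme.md",
  "./a/../b.md",
  "../../etc/passwd",
  "/etc/passwd",
  "../markdown-downloads2/x.md",
  "..hidden/x.md",
];

for (const s of SAMPLES) {
  console.log(
    `${s.padEnd(30)} hardened=${resolveInsideBase(BASE_DIR, s) ?? "REJECT"}` +
      `  naive=${naivePrefixCheck(BASE_DIR, s) ? "accept" : "reject"}`,
  );
}
```

The same containment test should also guard the directory created by create_subdirectory before any mkdir or write is attempted, since rejecting the request is cheaper than cleaning up a file written outside the base.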

Advisories

No advisories yet.

History

Mon, 25 May 2026 16:30:00 +0000

Type | Values Removed | Values Added
Description | | A flaw has been found in dazeb markdown-downloader up to 3d4394b34b6c99d81af817623af55e3384df5a6a. Affected is the function download_markdown/list_downloaded_files/create_subdirectory of the file src/index.ts. Executing a manipulation can lead to path traversal. The attack can be launched remotely. The exploit has been published and may be used. This product does not use versioning. This is why information about affected and unaffected releases is unavailable. The project was informed of the problem early through an issue report but has not responded yet.
Title | | dazeb markdown-downloader index.ts create_subdirectory path traversal
First Time appeared | | Dazeb; Dazeb markdown-downloader
Weaknesses | | CWE-22
CPEs | | cpe:2.3:a:dazeb:markdown-downloader:*:*:*:*:*:*:*:*
Vendors & Products | | Dazeb; Dazeb markdown-downloader
References | |
Metrics | | cvssV2_0: {'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
 | | cvssV3_0: {'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
 | | cvssV3_1: {'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
 | | cvssV4_0: {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-25T16:00:17.495Z

Reserved: 2026-05-24T09:07:52.064Z

Link: CVE-2026-9472

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-25T18:00:15Z

Weaknesses