Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Sun, 05 Jul 2026 04:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A weakness has been identified in zcaceres markdownify-mcp up to 1.1.0. The affected element is the function assertPathAllowed of the file src/Markdownify.ts. Executing a manipulation can lead to symlink following. The attack can only be executed locally. The pull request to fix this issue awaits acceptance. | |
| Title | zcaceres markdownify-mcp Markdownify.ts assertPathAllowed symlink | |
| First Time appeared |
Zcaceres
Zcaceres markdownify-mcp |
|
| Weaknesses | CWE-59 CWE-61 |
|
| CPEs | cpe:2.3:a:zcaceres:markdownify-mcp:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Zcaceres
Zcaceres markdownify-mcp |
|
| References |
| |
| Metrics |
cvssV2_0
|
Status: PUBLISHED
Assigner: VulDB
Published:
Updated: 2026-07-05T03:15:08.112Z
Reserved: 2026-07-04T05:22:43.104Z
Link: CVE-2026-14699
No data.
No data.
No data.
OpenCVE Enrichment
No data.