Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Sun, 05 Jul 2026 04:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A flaw has been found in zcaceres markdownify-mcp up to 1.1.0. This impacts the function saveToTempFile of the file src/Markdownify.ts of the component webpage-to-markdown/youtube-to-markdown/bing-search-to-markdown. This manipulation causes insufficiently random values. The attack is restricted to local execution. A high degree of complexity is needed for the attack. The exploitability is said to be difficult. The exploit has been published and may be used. The pull request to fix this issue awaits acceptance. | |
| Title | zcaceres markdownify-mcp webpage-to-markdown Markdownify.ts saveToTempFile random values | |
| First Time appeared |
Zcaceres
Zcaceres markdownify-mcp |
|
| Weaknesses | CWE-310 CWE-330 |
|
| CPEs | cpe:2.3:a:zcaceres:markdownify-mcp:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Zcaceres
Zcaceres markdownify-mcp |
|
| References |
| |
| Metrics |
cvssV2_0
|
Status: PUBLISHED
Assigner: VulDB
Published:
Updated: 2026-07-05T04:00:08.361Z
Reserved: 2026-07-04T05:28:34.112Z
Link: CVE-2026-14702
No data.
No data.
No data.
OpenCVE Enrichment
No data.