CVE-2026-14699 | zcaceres markdownify-mcp up to 1.1.0 src/Markdownify.ts assertPathAllowed symlink (Issue 108)
A vulnerability, which was classified as problematic, was found in zcaceres markdownify-mcp up to 1.1.0. The affected element is the function assertPathAllowed of the file src/Markdownify.ts. Executing a manipulation can lead to symlink following.
The identification of this vulnerability is CVE-2026-14699. The attack can only be executed locally. There is no exploit available.
The pull request to fix this issue awaits acceptance.VulDB Recent EntriesRead More