Vulnerability  ·  2026-07-06

markdownify-mcp — Symlink Following in assertPathAllowed Path Validation

VulnerabilityLow impactGlobalCVE-2026-14699
CVE-2026-14699 (CVSS 3.3 Low, published 2026-07-05) is a locally-exploitable symlink-following vulnerability in an MCP server used to convert web content/files to Markdown for LLM agent consumption.
Low blast radius, local-only attack vector on a single MCP tool package — kept as a precise catalogued CVE per tiering guidance.
The assertPathAllowed function does not account for symlinks, allowing a local attacker to escape intended path restrictions by following a symlink.
zcaceres markdownify-mcp ≤ 1.1.0 (src/Markdownify.ts)
A pull request to fix this issue is pending vendor acceptance; avoid running markdownify-mcp with untrusted local file paths pending merge.
NVD CVE-2026-14699
See this in the live feed Explore related AI security and governance findings — updated every morning.
Open the feed →