What happened
CVE-2026-14699 (CVSS 3.3 Low, published 2026-07-05) is a locally-exploitable symlink-following vulnerability in an MCP server used to convert web content/files to Markdown for LLM agent consumption.
Why it matters
Low blast radius, local-only attack vector on a single MCP tool package — kept as a precise catalogued CVE per tiering guidance.
Attack vector
The assertPathAllowed function does not account for symlinks, allowing a local attacker to escape intended path restrictions by following a symlink.
Affected systems
zcaceres markdownify-mcp ≤ 1.1.0 (src/Markdownify.ts)
Mitigation
A pull request to fix this issue is pending vendor acceptance; avoid running markdownify-mcp with untrusted local file paths pending merge.