Vulnerability  ·  2026-07-07

markdownify-mcp — Symlink Following in assertPathAllowed Path Validation

VulnerabilityLow impactGlobalCVE-2026-14699
markdownify-mcp's path-allowlist check does not resolve symlinks before validation, letting a local attacker construct a symlink that bypasses the intended directory confinement.
Local-only attack vector on a niche single-maintainer MCP tool; low blast radius but included for completeness as a precisely catalogued CVE.
The assertPathAllowed function in src/Markdownify.ts fails to detect symlinks, allowing a local attacker to use symlink following to escape the intended path restriction.
zcaceres markdownify-mcp, up to version 1.1.0
Track the pending pull request to fix this issue in the upstream repository; avoid processing untrusted symlinked paths in the interim.
NVD CVE-2026-14699markdownify-mcp GitHub
See this in the live feed Explore related AI security and governance findings — updated every morning.
Open the feed →