Ghostwire

CVE-2026-14699: A weakness has been identified in zcaceres markdownify-mcp up to 1.1.0. The affected element is the function...

LOW CVSS 3.3 Exploit Available

Published: July 5, 2026 | Last Modified: July 5, 2026

Description

A weakness has been identified in zcaceres markdownify-mcp up to 1.1.0. The affected element is the function assertPathAllowed of the file src/Markdownify.ts. Executing a manipulation can lead to symlink following. The attack can only be executed locally. The pull request to fix this issue awaits acceptance.

Ghostwire Analysis — What This Means Practically

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

References