CVE-2026-14699
Severity CVSS v4.0:
MEDIUM
Type:
CWE-59
Link Following
Publication date:
05/07/2026
Last modified:
06/07/2026
Description
A weakness has been identified in zcaceres markdownify-mcp up to 1.1.0. The affected element is the function assertPathAllowed of the file src/Markdownify.ts. Executing a manipulation can lead to symlink following. The attack can only be executed locally. The pull request to fix this issue awaits acceptance.
Impact
Base Score 4.0
4.80
Severity 4.0
MEDIUM
Base Score 3.x
3.30
Severity 3.x
LOW
Base Score 2.0
1.70
Severity 2.0
LOW



