CVE-2026-14702 PUBLISHED

zcaceres markdownify-mcp webpage-to-markdown Markdownify.ts saveToTempFile random values

Assigner: VulDB
Reserved: 04.07.2026 Published: 05.07.2026 Updated: 05.07.2026

A flaw has been found in zcaceres markdownify-mcp up to 1.1.0. This impacts the function saveToTempFile of the file src/Markdownify.ts of the component webpage-to-markdown/youtube-to-markdown/bing-search-to-markdown. This manipulation causes insufficiently random values. The attack is restricted to local execution. A high degree of complexity is needed for the attack. The exploitability is said to be difficult. The exploit has been published and may be used. The pull request to fix this issue awaits acceptance.

Metrics

CVSS Vector: CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
CVSS Score: 2

Product Status

Vendor zcaceres
Product markdownify-mcp
Versions
  • Version 1.0 is affected
  • Version 1.1.0 is affected

Credits

  • Dem0000000 (VulDB User) reporter
  • VulDB CNA Team coordinator

References

Problem Types

  • Insufficiently Random Values CWE
  • Cryptographic Issues CWE