CVE-2026-14699
CVE-2026-14699 affects zcaceres/markdownify-mcp prior to 1.1.0. The vulnerability is in assertPathAllowed (src/Markdownify.ts) and can be triggered by local manipulation, potentially causing symlink following. Exploitation is limited to local access. A fix is pending in a pull request and not yet...