2 matches found
CVE-2025-5276
All versions of the package mcp-markdownify-server are vulnerable to Server-Side Request Forgery SSRF via the Markdownify.get function. An attacker can craft a prompt that, once accessed by the MCP host, can invoke the webpage-to-markdown, bing-search-to-markdown, and youtube-to-markdown tools to...
CVE-2025-5276
CVE-2025-5276 affects mcp-markdownify-server. All versions are vulnerable to SSRF via Markdownify.get(), where improper validation in is_ip_private() and fetch() that follows redirects allows an attacker to access internal resources by crafting prompts that trigger webpage-to-markdown, bing-searc...