CVE-2026-49493
HIGHMarkdown Preview Enhanced Arbitrary Code Execution via Bitfield interpretJS()
Title source: cnaDescription
Markdown Preview Enhanced before 0.8.28 parses Bitfield fenced code blocks with interpretJS(), which evaluates the block content as code via vm.runInNewContext(), allowing arbitrary code execution. A crafted markdown document containing a malicious bitfield code block executes attacker-controlled code on the server side when the document is rendered or exported. Fixed in 0.8.28 by parsing bitfield register definitions with JSON5.parse(), since they are purely data.
References (2)
Core 2
Core References
Release Notes release-notes
Release 0.8.28
https://github.com/shd101wyy/vscode-markdown-preview-enhanced/releases/tag/0.8.28
Third Party Advisory third-party-advisory
VulnCheck Advisory: Markdown Preview Enhanced Arbitrary Code Execution via Bitfield interpretJS()
https://www.vulncheck.com/advisories/markdown-preview-enhanced-arbitrary-code-execution-via-bitfield-interpretjs
Scores
CVSS v3
8.8
EPSS
0.0033
EPSS Percentile
24.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-94
Status
published
Products (1)
shd101wyy/Markdown Preview Enhanced
< 0.8.28
Published
Jun 05, 2026
Tracked Since
Jun 06, 2026