CVE-2026-9472
MEDIUMdazeb markdown-downloader index.ts create_subdirectory path traversal
Title source: cnaDescription
A flaw has been found in dazeb markdown-downloader up to 3d4394b34b6c99d81af817623af55e3384df5a6a. Affected is the function download_markdown/list_downloaded_files/create_subdirectory of the file src/index.ts. Executing a manipulation can lead to path traversal. The attack can be launched remotely. The exploit has been published and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The project was informed of the problem early through an issue report but has not responded yet.
References (5)
Core 5
Core References
Vdb Entry, Technical Description vdb-entry
technical-description
VDB-365453 | dazeb markdown-downloader index.ts create_subdirectory path traversal
https://vuldb.com/vuln/365453
Signature, Permissions Required signature
permissions-required
VDB-365453 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/vuln/365453/cti
Third Party Advisory third-party-advisory
Submit #814000 | dazeb markdown-downloader 3d4394b34b6c99d81af817623af55e3384df5a6a Path Traversal
https://vuldb.com/submit/814000
Exploit exploit
issue-tracking
https://github.com/dazeb/markdown-downloader/issues/12
Product product
https://github.com/dazeb/markdown-downloader/
Scores
CVSS v3
6.3
EPSS
0.0034
EPSS Percentile
25.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-22
Status
published
Products (1)
dazeb/markdown-downloader
3d4394b34b6c99d81af817623af55e3384df5a6a
Published
May 25, 2026
Tracked Since
May 25, 2026