CVE-2026-46492 - md-fileserver: Stored/Reflected XSS when viewing Markdown (raw HTML allowed)
CVE ID :CVE-2026-46492
Published : June 9, 2026, 4:09 p.m. | 55 minutes ago
Description :md-fileserver allows for local viewing of markdown files in a browser. Prior to version 1.10.3, a cross-site scripting (XSS) vulnerability exists in the application’s Markdown rendering logic. When user-supplied Markdown content is rendered, embedded raw HTML—including
Published : June 9, 2026, 4:09 p.m. | 55 minutes ago
Description :md-fileserver allows for local viewing of markdown files in a browser. Prior to version 1.10.3, a cross-site scripting (XSS) vulnerability exists in the application’s Markdown rendering logic. When user-supplied Markdown content is rendered, embedded raw HTML—including