CVE-2026-46492 · EPSS p11.5%

Description

md-fileserver allows for local viewing of markdown files in a browser. Prior to version 1.10.3, a cross-site scripting (XSS) vulnerability exists in the application’s Markdown rendering logic. When user-supplied Markdown content is rendered, embedded raw HTML—including <script> tags—is processed and injected into the resulting page without sanitization, allowing arbitrary JavaScript execution in the context of the affected domain. This issue has been patched in version 1.10.3.

Scoring

CVSS: 7.2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
EPSS: 0.21% probability of exploitation · percentile 11.5% · 2026-06-19T12:03:05Z
Last modified: 2026-06-09

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: CVE-2025-24981
CVE: CVE-2026-49492
CVE: CVE-2025-65716
CVE: MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability
CVE: CVE-2025-65108
CVE: CVE-2025-54075
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.