Markdown Preview Enhanced 0.8.x Code Injection via WaveDrom Rendering

7.1 / 10

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Description

Markdown Preview Enhanced 0.8.x with crossnote engine 0.9.28 contains a code injection vulnerability in the WaveDrom rendering pipeline that allows attackers to execute arbitrary JavaScript by embedding malicious content in a wavedrom fenced code block within a crafted Markdown document. Attackers can exploit the unsanitized passing of wavedrom block content to window.eval() in the VS Code webview context to abuse the extension's message passing and invoke arbitrary file writes on the local filesystem.

Basic Information

ID CVE-2026-11422

Source VulnCheck

Published Jun 5, 2026 at 20:16

Affected Product

Vendor shd101wyy

Product Markdown Preview Enhanced

Affected Versions shd101wyy Markdown Preview Enhanced 0
shd101wyy crossnote 0

CWE Classification

CWE-95

References

{
    "lastseen": "",
    "description": "Markdown Preview Enhanced 0.8.x with crossnote engine 0.9.28 contains a code injection vulnerability in the WaveDrom rendering pipeline that allows attackers to execute arbitrary JavaScript by embedding malicious content in a wavedrom fenced code block within a crafted Markdown document. Attackers can exploit the unsanitized passing of wavedrom block content to window.eval() in the VS Code webview context to abuse the extension's message passing and invoke arbitrary file writes on the local filesystem.",
    "published": "2026-06-05T20:16:50.802Z",
    "modified": "2026-06-05T20:16:50.802Z",
    "type": "cve",
    "title": "Markdown Preview Enhanced 0.8.x Code Injection via WaveDrom Rendering",
    "source": "VulnCheck",
    "references": "https://github.com/shd101wyy/vscode-markdown-preview-enhanced/issues/2315\nhttps://github.com/shd101wyy/crossnote/commit/5588ca2121c3da43fe331575dc5cf4ef347b91ee\nhttps://github.com/shd101wyy/vscode-markdown-preview-enhanced/commit/dcd80281c986293b93d9f1af34ced64dcb230c77\nhttps://www.vulncheck.com/advisories/markdown-preview-enhanced-x-code-injection-via-wavedrom-rendering",
    "id": "CVE-2026-11422",
    "bulletinFamily": "",
    "cwe": [
        "CWE-95"
    ],
    "cvelist": null,
    "sourceData": "shd101wyy Markdown Preview Enhanced 0\nshd101wyy crossnote 0",
    "sourceHref": "",
    "cvss": {
        "score": 7.1,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Markdown Preview Enhanced",
    "version": "0",
    "vendor": "shd101wyy",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Markdown Preview Enhanced 0.8.x Code Injection via WaveDrom Rendering_CVE-2026-11422