Home

Description

Server-Side Cross-Site Scripting and Server-Side Request Forgery vulnerability in the markdown_to_pdf action of Rapid7 InsightConnect Markdown Plugin version 3.1.4 and earlier on Linux allows remote attackers to execute JavaScript server-side and make arbitrary outbound HTTP requests via crafted content embedded in Markdown input. The PDF rendering engine does not restrict script execution or outbound network access.

PUBLISHED Reserved 2026-05-15 | Published 2026-06-26 | Updated 2026-06-26 | Assigner rapid7




MEDIUM: 4.8CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Problem types

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-918 Server-Side Request Forgery (SSRF)

Product status

Default status
unaffected

Any version before 4.0.0
affected

4.0.0 (custom)
unaffected

Credits

Jacob Steadman, Rapid7 finder

Jed Starr, Rapid7 finder

References

github.com/...t-plugins/blob/master/plugins/markdown/help.md vendor-advisory

github.com/rapid7/insightconnect-plugins/pull/3721 patch

cve.org (CVE-2026-8661)

nvd.nist.gov (CVE-2026-8661)

Download JSON