CVE-2026-11422: Markdown Preview Enhanced Code Injection via WaveDrom Rendering
Markdown Preview Enhanced, a popular VS Code extension that renders Markdown with enhanced visualization features, contains a critical flaw in how it processes WaveDrom diagrams. An attacker can craft a malicious Markdown file containing specially crafted WaveDrom code that, when previewed in VS Code, executes arbitrary JavaScript with the privileges of the extension. This JavaScript can then read files from your computer and write new files to your filesystem, potentially installing malware or stealing sensitive data. The vulnerability affects version 0.8.x when used with crossnote engine 0.9.28.
Source data · NVD / CISA · public domain
- CVSS
- 3.1 · 7.1 HIGH · CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
- Weaknesses (CWE)
- CWE-95
- Affected products
- 0 configuration(s)
- Published / Modified
- 2026-06-05 / 2026-06-17
NVD description (verbatim)
Markdown Preview Enhanced 0.8.x with crossnote engine 0.9.28 contains a code injection vulnerability in the WaveDrom rendering pipeline that allows attackers to execute arbitrary JavaScript by embedding malicious content in a wavedrom fenced code block within a crafted Markdown document. Attackers can exploit the unsanitized passing of wavedrom block content to window.eval() in the VS Code webview context to abuse the extension's message passing and invoke arbitrary file writes on the local filesystem.
5 reference(s) · View on NVD →
SEC.co analysis · AI-assisted, reviewed against source
Technical summary
CVE-2026-11422 is a code injection vulnerability (CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code) in Markdown Preview Enhanced's WaveDrom rendering pipeline. The extension passes unsanitized content from WaveDrom fenced code blocks directly to window.eval() within the VS Code webview context. An attacker can embed malicious JavaScript in a wavedrom code block within a Markdown document. When the document is previewed, the JavaScript executes in the webview sandbox. By exploiting the extension's message-passing mechanism, the attacker can escalate from code execution in the webview to arbitrary file operations on the local filesystem, bypassing the webview's isolation boundary.
Business impact
For organizations where developers use Markdown Preview Enhanced to review technical documentation, design diagrams, or specifications, this vulnerability creates a significant supply-chain risk. A single malicious Markdown file—shared via email, repository, documentation system, or wiki—can compromise a developer's workstation. Once code execution is achieved, an attacker can exfiltrate source code, credentials stored in environment files, SSH keys, or internal documentation. The ability to write files enables persistence mechanisms, lateral movement tooling, or outright malware installation. The user-interaction requirement (opening a preview) is a minor friction point in threat scenarios involving social engineering or trojanized documentation repositories.
Affected systems
Markdown Preview Enhanced version 0.8.x in combination with crossnote engine 0.9.28 is vulnerable. VS Code is the primary affected platform, though any host running the extension that processes untrusted Markdown files is at risk. Developers, technical writers, security researchers, and documentation teams who routinely open Markdown files from external or less-trusted sources face the highest exposure.
Exploitability
Exploitation requires user interaction—the victim must open a Markdown document in VS Code with Markdown Preview Enhanced active. The attack vector is local (requires file system access to place or open the file), but delivery is straightforward: the attacker can embed the payload in a GitHub repository, attach it to an email, or place it on a shared drive. No special privileges, authentication, or knowledge of the target system is required. The barrier to weaponization is low; creating a proof-of-concept requires only knowledge of WaveDrom syntax and basic JavaScript. The lack of KEV (Known Exploited Vulnerabilities) status as of the publication date suggests active exploitation in the wild has not been formally documented, but the simplicity of the attack makes exploitation probable.
Remediation
Upgrade Markdown Preview Enhanced to a patched version that sanitizes WaveDrom block content before passing it to any evaluation function. Additionally, ensure the crossnote engine dependency is updated to a version that does not contain this vulnerability. Verify the specific patch versions against the official Markdown Preview Enhanced repository or the VS Code extension marketplace. As an interim measure, disable the Markdown Preview Enhanced extension or restrict preview of untrusted Markdown files until patching is confirmed.
Patch guidance
Check the Markdown Preview Enhanced changelog and VS Code extension marketplace for version releases published after June 17, 2026 (the modification date of this CVE). The vendor should have released a patched version of 0.8.x or later that removes unsanitized eval() calls and properly sanitizes WaveDrom input. Update via the VS Code Extensions panel or verify the specific patched version number against the official vendor advisory before deployment. Test in a non-production environment to confirm the patch does not break legitimate WaveDrom rendering functionality.
Detection guidance
Monitor VS Code extension logs for errors or unusual activity following Markdown preview operations. Endpoint detection and response (EDR) tools should flag suspicious file write operations originating from VS Code webview processes. Network monitoring can identify unexpected outbound connections from the extension. File integrity monitoring on user home directories and credential storage locations (.ssh, .aws, etc.) may detect unauthorized modifications. Consider scanning Markdown repositories and shared documentation systems for suspicious WaveDrom syntax patterns (e.g., WaveDrom blocks containing JavaScript event handlers or eval() calls). On a preventive basis, restrict installation of Markdown Preview Enhanced in managed development environments to verified, patched versions.
Why prioritize this
This vulnerability merits urgent attention due to its HIGH CVSS score (7.1), direct path to code execution and file system access, and low barrier to exploitation. While it requires user interaction, developers and technical teams often work with Markdown files as part of normal workflow, making social engineering effective. The ability to write arbitrary files creates persistence and lateral movement opportunities. The lack of privilege requirement means even non-administrator users are fully exploitable. Organizations should prioritize patching before the vulnerability is widely exploited or incorporated into automated attack toolkits.
Risk score, explained
CVSS 7.1 (HIGH) reflects: (1) Local attack vector—the file must be accessed locally, limiting mass-exploitation but not significantly reducing risk in developer environments; (2) Low attack complexity—no special conditions or system knowledge required; (3) No privilege requirement—any user can trigger the vulnerability; (4) User interaction required—reduces the score but remains a minor barrier in social engineering scenarios; (5) Confidentiality and integrity impact—the attacker can read (C:H) and write (I:H) arbitrary files; (6) No availability impact—the attack does not directly disrupt system functioning. The score appropriately captures the severity: this is a dangerous vulnerability for any organization using the extension, but it is not a full system compromise or network-wide threat vector.
Frequently asked questions
Should we immediately uninstall Markdown Preview Enhanced?
Not necessarily, but you should prioritize patching to the latest version immediately. If patched versions are not yet available, disabling the extension or restricting its use to trusted, pre-reviewed Markdown files is a reasonable interim control. Uninstalling is appropriate if your organization does not depend on WaveDrom diagram rendering or if you can switch to an alternative Markdown preview solution.
Can an attacker exploit this if we only open Markdown files from our own repositories?
Yes, if an attacker compromises your repository or gains access to your documentation pipeline (e.g., via a contributor account or a supply-chain attack on a dependency), they can inject malicious Markdown. Additionally, if developers pull changes from external repositories as part of their workflow, the risk remains. Defense-in-depth requires both patching and code review practices for Markdown files that contain executable content like WaveDrom diagrams.
What are the first signs that someone has exploited this on a developer's machine?
Look for unexpected file modifications in the user's home directory, especially in configuration or credential locations (.ssh, .aws, .kube, etc.). Check for new processes spawned by VS Code or webview processes. Monitor for unusual network connections initiated by VS Code. EDR solutions should flag file write operations initiated from the webview context. In practice, if an attacker achieves file write, they may install a persistence mechanism (e.g., a scheduled task, SSH key, or modified shell profile) that warrants forensic investigation.
Is this vulnerability exploitable in other Markdown editors or preview tools?
The vulnerability is specific to Markdown Preview Enhanced and how it handles WaveDrom rendering in the VS Code webview context. Other Markdown editors may use different rendering pipelines or sandboxing approaches. However, any Markdown tool that accepts WaveDrom blocks and passes their content to unsafe evaluation (eval(), Function(), etc.) could have similar vulnerabilities. Verify the security practices of alternative tools before switching.
This analysis is provided for informational purposes to support security decision-making. It is not a substitute for vendor advisories, security bulletins, or professional incident response services. Patch version numbers, KEV status, and specific product recommendations should be verified against official vendor sources and your organization's testing protocols before deployment. SEC.co makes no warranty regarding the completeness or accuracy of third-party vulnerability data. Always consult your vendor's official security advisory for authoritative remediation guidance. Source: NVD (public-domain), retrieved 2026-07-14. Analysis generated by SEC.co (claude-haiku-4-5).
Weaknesses (CWE)
Related vulnerabilities
- CVE-2026-50733HIGHMarkdown Preview Enhanced RCE via WaveDrom Eval Injection
- CVE-2018-25382HIGHZechat 1.5 SQL Injection Vulnerability – Unauthenticated Database Access
- CVE-2018-25383HIGHFree MP3 CD Ripper 2.8 Stack Overflow – ROP and DEP Bypass Risk
- CVE-2018-25385HIGHUnauthenticated SQL Injection in E-Registrasi Pencak Silat 18.10
- CVE-2018-25386HIGHSQL Injection in HaPe PKH 1.1 Admin Interface
- CVE-2018-25388HIGHHaPe PKH 1.1 Arbitrary File Upload Vulnerability (CVSS 8.8)
- CVE-2018-25389HIGHSQL Injection in HaPe PKH 1.1 Database Extraction
- CVE-2018-25390HIGHUnauthenticated SQL Injection in HaPe PKH 1.1