CVSS 3.1 score: 8.8
Visual Studio Code Extensions Markdown Preview Enhanced allows code execution
CVE-2025-65716
Summary
Malicious Markdown files can be uploaded and executed in Markdown Preview Enhanced, potentially allowing an attacker to run arbitrary code on a victim's system. This could lead to unauthorized access or data theft. Users should update to the latest version of Markdown Preview Enhanced to mitigate this risk.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| shd101wyy | markdown_preview_enhanced | > 0.8.18 | – |
Original title
An issue in Visual Studio Code Extensions Markdown Preview Enhanced v0.8.18 allows attackers to execute arbitrary code via uploading a crafted .Md file.
Original description
An issue in Visual Studio Code Extensions Markdown Preview Enhanced v0.8.18 allows attackers to execute arbitrary code via uploading a crafted .Md file.
NVD CVSS 3.1
8.8
Vulnerability type
CWE-94
Code Injection
- https://github.com/shd101wyy/markdown-preview-enhanced (Product)
- https://www.ox.security/blog/cve-2025-65716-markdown-preview-enhanced-vscode-vul... (Exploit, Third Party Advisory)
Published: 16 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026