Memory Allocation Vulnerability in MDEx Product by Leandrocp
CVE-2026-53428

6.9 MEDIUM

Key Information:

Vendor: Leandrocp

CVE Published: 29 June 2026

What is CVE-2026-53428?

An unbounded memory allocation issue in MDEx allows an unauthenticated attacker to cause a denial of service. The vulnerability arises when a user-controlled inclusive line range is processed without an upper bound, so memory consumption can grow large enough to crash the application. An attacker triggers it by embedding a specially crafted Markdown code block, which allocates excessive memory during rendering. This overwhelms the host system and denies service to all users relying on the rendering functionality. Affected versions are MDEx prior to 0.12.3 and mdex_native prior to 0.2.3, making timely patching critical.
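The bounded alternative to expanding a user-supplied inclusive line range, as an added example that is not MDEx code. The `a-b,c` range syntax, the function names and the `MAX_RANGES` cap are assumptions, since the page does not show the affected attribute or the fix.

```rust
// Added example, not MDEx code: the "a-b,c" syntax and all names are assumptions.
use std::ops::RangeInclusive;

const MAX_RANGES: usize = 64; // assumed cap on comma-separated entries

/// Risky pattern: materializes every line number, so the allocation size is
/// chosen by whoever wrote the range. Acceptable only for small, trusted input.
pub fn expand_unbounded(start: usize, end: usize) -> Vec<usize> {
    (start..=end).collect()
}

/// Bounded form: keep each range as a (start, end) pair and clamp it to the
/// number of lines actually present in the code block.
pub fn parse_ranges(spec: &str, line_count: usize) -> Result<Vec<RangeInclusive<usize>>, String> {
    let mut out = Vec::new();
    let parts = spec.split(',').map(str::trim).filter(|p| !p.is_empty());
    for (i, part) in parts.enumerate() {
        if i >= MAX_RANGES {
            return Err(format!("more than {} ranges", MAX_RANGES));
        }
        // A bare number such as "3" is treated as the range 3-3.
        let (a, b) = part.split_once('-').unwrap_or((part, part));
        let start: usize = a.trim().parse().map_err(|_| format!("bad start in {:?}", part))?;
        let end: usize = b.trim().parse().map_err(|_| format!("bad end in {:?}", part))?;
        if start == 0 || start > end {
            return Err(format!("invalid range {:?}", part));
        }
        if start > line_count {
            continue; // range lies entirely past the end of the block
        }
        out.push(start..=end.min(line_count));
    }
    Ok(out)
}

/// Membership test that never allocates per line number.
pub fn is_selected(ranges: &[RangeInclusive<usize>], line: usize) -> bool {
    ranges.iter().any(|r| r.contains(&line))
}

fn main() {
    let code = "a\nb\nc\nd\ne"; // constructed 5-line code block
    let ranges = parse_ranges("2-999999999", code.lines().count()).unwrap();
    for (i, line) in code.lines().enumerate() {
        let mark = if is_selected(&ranges, i + 1) { ">" } else { " " };
        println!("{} {}", mark, line);
    }
    println!("{:?}", expand_unbounded(2, 4)); // small input only
}
```

With the clamp in place, memory use depends on the number of range entries and the size of the document, not on the numbers written inside the range.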

Affected Version(s)

mdex 0.11.0 < 0.12.3

mdex a8407611715d1ead35fbcba79c72cef1b7df387b < 6ed94d905f97af188323f042698ae841c02293b4

mdex_native 0.1.0 < 0.2.3

CVSS V4

Score: 6.9
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Peter Ullrich
Leandro Pereira
Jonatan Männchen / EEF