CVE-2026-49493

Markdown Preview Enhanced

Markdown Preview Enhanced contains a remote code execution vulnerability due to improper parsing of Bitfield fenced code blocks using unsafe JavaScript evaluation.

Executive summary

A critical remote code execution vulnerability in Markdown Preview Enhanced allows unauthenticated attackers to execute arbitrary code via crafted markdown documents.

Vulnerability

The application parses Bitfield fenced code blocks with its interpretJS() function, which evaluates the block content via vm.runInNewContext(). Because vm.runInNewContext() runs that content as JavaScript rather than reading it as data, an unauthenticated attacker can execute arbitrary code on the server side when a malicious markdown document is rendered or exported.

Business impact

With a CVSS score of 8.8, this vulnerability poses a severe risk to organizational infrastructure. Successful exploitation grants an attacker the ability to execute code with the privileges of the application process, potentially leading to full system compromise, unauthorized data access, and lateral movement within the network.

Remediation

Immediate Action: Upgrade to version 0.8.28 or later, which replaces JavaScript evaluation of Bitfield definitions with JSON5 parsing.

Proactive Monitoring: Audit server logs for unexpected child process creation or unusual outbound network connections originating from the markdown rendering service.

Compensating Controls: Implement strict input validation or use a Web Application Firewall (WAF) to inspect incoming markdown content for suspicious Bitfield patterns; patching remains the only definitive fix.

Exploitation status

Public Exploit Available: true

Analyst recommendation

The severity of this vulnerability, combined with the availability of public exploit code, necessitates immediate action. Administrators must prioritize updating to version 0.8.28 to mitigate the risk of remote code execution.