Vulnerability in Leandrocp Mdex

CVE-2026-54888

Uncontrolled Recursion vulnerability in leandrocp mdex allows denial of service via deeply nested Markdown input. mdex converts between an Elixir %MDEx.Document{} struct and Comrak's internal AST using two mutually recursive Rust function…

Affected products

Leandrocp Mdex — versions 0.3.0, d0bc7d55177727c61d188ef465178ab3b81f4f2c
Leandrocp Mdex_native — versions 0.1.0, 956528c5e31746253347029e810a969ab916fd27

Weakness classification (CWE)

CWE-674 — Uncontrolled Recursion

References

6b3ad84c-e1a6-4bf7-a703-f496b71e49db (related, vendor-advisory)
6b3ad84c-e1a6-4bf7-a703-f496b71e49db (related)
6b3ad84c-e1a6-4bf7-a703-f496b71e49db (related)
6b3ad84c-e1a6-4bf7-a703-f496b71e49db (patch)