Intel

AIKIDO-2026-547546

mdex_native is vulnerable to Unbounded memory allocation

Unbounded memory allocationCVE-2026-53428 Published Jul 2, 2026

69

Medium Risk

This Affects:

ELIXIRmdex_native
0.1.0 - 0.2.2
Fixed in 0.2.3
Are you affected? Scan for Free

TL;DR

mdex_native allows unbounded memory allocation when rendering Markdown that contains a fenced code block with an oversized highlight_lines range in its info string. The native adapter (LumisAdapter::parse_highlight_lines in lumis_adapter.rs) eagerly expands the attacker-controlled inclusive line range into a Vec<usize> with no upper bound, allocating roughly 8 bytes per line.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range.

Background info

mdex_native is vulnerable to Unbounded memory allocation in versions 0.1.0 - 0.2.2.

How to fix this

Upgrade the mdex_native library to the patch version.