Intel

AIKIDO-2026-611214

mdex is vulnerable to Uncontrolled recursion

Uncontrolled recursionCVE-2026-54888 Published Jul 2, 2026

69

Medium Risk

This Affects:

ELIXIRmdex
0.3.0 - 0.12.2
Fixed in 0.12.3
Are you affected? Scan for Free

TL;DR

mdex converts between an Elixir %MDEx.Document{} struct and Comrak's internal AST using two mutually recursive Rust functions, ex_document_to_comrak_ast and comrak_ast_to_ex_document, in the NIF source file document.rs. Neither function enforces a maximum nesting depth, so the recursion depth is bounded only by the structure of the input. An attacker who can get a Markdown document rendered (for example through MDEx.parse_document!/1 or MDEx.to_html/1) can supply a document with thousands of nested block quotes, which drives unbounded recursion across the NIF boundary and exhausts the native C stack.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range.

Background info

mdex is vulnerable to Uncontrolled recursion in versions 0.3.0 - 0.12.2.

How to fix this

Upgrade the mdex library to the patch version.