Yep it’s markdown, and yep they had a CVE with the second-highest grade ’cause of it
heh, ofc. Apparently something to do with file:// and such URI handling, apparently executing local files? Yikes.
not just local files
if you click a link to file:///123.45.67.89:69420/files-download/virus.exe it will download and run virus.exe from that IP address
it still works, but now there is a “Dangerous Link Location: This is not a web link and may lead to the execution of malicious code” warning, but previously it would silently run the file.
kinda wild a file-link ever went straight to executing it after download - which on its own could be dangerous as well.
I guess the “the s in IoT stands for security” also applies to notepad: “the s in vibecoding stands for security”
https://www.cve.org/CVERecord?id=CVE-2026-20841
Neat
Aren’t CVE grades meaningless anyway with how they are declared in the real world?
We run CVEs through our software inventory and configuration and come up with a new score that measures how bad it is for us.