A vulnerability labeled as problematic has been found in pragdave earmark up to 1.4.1 . Impacted is an unknown function in the library lib/earmark/transform.ex . The manipulation results in improper neutralization of script in attributes in a web page. This vulnerability is reported as CVE-2026-48591 . The attack requires a local approach. No exploit exists.