Mintlify Platform Deployment Downgrade Vulnerability

Vulnerability

A vulnerability in the Mintlify Platform's Deployment Infrastructure, prior to November 15, 2025, allows remote attackers to bypass security patches and execute downgrade attacks. This is achieved by exploiting predictable deployment identifiers on the Vercel preview domain. Attackers can identify URLs of previous deployments that contain unpatched vulnerabilities and, by directly accessing specific git references or deployment IDs, force the application to load vulnerable versions.

Impact

Exploitation of this vulnerability allows for the execution of previously patched exploits, potentially leading to cross-site scripting (XSS) vulnerabilities on customer domains, according to Mintlify.

Reproduction

To reproduce this vulnerability, add a specific deployment ID or git reference of a vulnerable version to a Mintlify repository. Once deployed, access the Vercel preview deployment on a Mintlify-provided documentation or custom domain. Then, navigate to the path '/_mintlify/static/[subdomain]/[vulnerable-asset]' to trigger the downgrade attack.

Remediation

Mintlify has implemented a visitor password on preview deployments on Vercel and purged the old deployments that were vulnerable. Instructions for managing Vercel deployments can be found in the Vercel documentation.
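An added example (not part of this advisory and not Mintlify's or Vercel's code) showing how a defender can confirm the remediation from the access-log side: any request for the '/_mintlify/static/[subdomain]/[asset]' path that a preview host answers with 200 means that preview is still reachable without the visitor password. The log layout, the preview hostname shapes ("<project>-git-<branch>-<team>.vercel.app" and "<project>-<hash>.vercel.app") and the 401 for password-protected previews are assumptions, and the log lines are constructed.

```python
import re
from dataclasses import dataclass

# Constructed access-log lines: "host method path status" (not real traffic).
SAMPLE_LOG = """\
docs.example.com GET /docs/intro 200
docs-project-git-fix-xss-team.vercel.app GET /_mintlify/static/acme/old-bundle.js 200
docs-project-abc123def.vercel.app GET /_mintlify/static/acme/old-bundle.js 401
docs-project-git-main-team.vercel.app GET /_mintlify/static/acme/app.js 200
docs.example.com GET /_mintlify/static/acme/app.js 200
"""

# Assumed hostname shapes for Vercel preview deployments (git-ref form and deployment-id form).
PREVIEW_HOST = re.compile(r"^[a-z0-9-]+\.vercel\.app$")
GIT_REF_HOST = re.compile(r"^[a-z0-9-]+-git-[a-z0-9-]+\.vercel\.app$")
# Asset path named in the advisory.
STATIC_PATH = re.compile(r"^/_mintlify/static/(?P<subdomain>[^/]+)/(?P<asset>.+)$")
LOG_LINE = re.compile(r"^(?P<host>\S+) (?P<method>\S+) (?P<path>\S+) (?P<status>\d{3})$")


@dataclass
class Finding:
    host: str
    subdomain: str
    asset: str
    reason: str


def scan(log_text: str) -> list[Finding]:
    """Return one Finding per static-asset request that a preview host served without the password."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue  # malformed line, skip
        host, path, status = m["host"], m["path"], m["status"]
        if not PREVIEW_HOST.match(host):
            continue  # production/custom domain: serving static assets there is expected
        p = STATIC_PATH.match(path)
        if not p:
            continue
        if status != "200":
            continue  # 401 is the assumed visitor-password response, i.e. remediation in effect
        form = "git-ref" if GIT_REF_HOST.match(host) else "deployment-id"
        reason = f"{form} preview served a static asset without the visitor password"
        findings.append(Finding(host, p["subdomain"], p["asset"], reason))
    return findings


def unprotected_hosts(log_text: str) -> set[str]:
    """Distinct preview hosts that still need the visitor password enabled or purging."""
    return {f.host for f in scan(log_text)}
```

Each host listed by unprotected_hosts is a preview deployment to either password-protect or delete; the line served to the git-ref host is the downgrade pattern the advisory describes.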

Added: Dec 19, 2025, 2:18 AM
Updated: Dec 19, 2025, 2:18 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 6.3
remediation: 0.0
relevance: 1.5
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.