Mintlify Security Event - November 2025
Blog post from Mintlify
In November 2025, Mintlify experienced a significant security event: researchers discovered an XSS vulnerability in its static asset hosting, where cross-domain access allowed malicious actors to execute scripts on customer sites. The company deployed a fix within 45 minutes of being notified and then collaborated with the researchers for a week to identify and patch additional vulnerabilities, such as path traversal and server-side rendering code execution. The incident led to comprehensive security improvements, including stricter asset access controls, enhanced incident response protocols, and an updated bug bounty program. Mintlify expressed gratitude to the researchers and affected customers for their cooperation and trust.