Memory Leak Vulnerability in MDEx and MDEx_Native from LeandroCP
CVE-2026-53429
6.9 MEDIUM
What is CVE-2026-53429?
This vulnerability allows attackers to cause unbounded memory exhaustion in MDEx and MDEx_Native by having them render documents that contain user-supplied escaped-tag nodes. Each conversion of such a node permanently allocates memory that is never reclaimed, so memory usage accumulates gradually. Attackers can therefore drive memory demand up indefinitely, potentially crashing processes that rely on the affected libraries.
Affected Version(s)
mdex 0.11.0 < 0.12.3
mdex 81e4d14dd3aa5b206e395c7f372b9b413793015f < 6ed94d905f97af188323f042698ae841c02293b4
mdex_native 0.1.0 < 0.2.3
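To check a project against the version ranges listed above, the following added example (not code from the MDEx project or from this advisory) scans the text of a mix.lock file for mdex and mdex_native entries. The function names, the sample lock text, its placeholder hashes and the handling of pre-release versions are assumptions made for illustration.

```python
import re

# Ranges listed on this page: first affected version (inclusive), fixed version (exclusive).
AFFECTED = {"mdex": ("0.11.0", "0.12.3"), "mdex_native": ("0.1.0", "0.2.3")}

# mix.lock entry shapes:  "name": {:hex, :name, "version", ...}
#                         "name": {:git, "url", "commit", ...}
ENTRY = re.compile(r'"(mdex|mdex_native)":\s*\{:(hex|git),\s*[^,]+,\s*"([^"]+)"')

# Constructed sample lock text; the hashes are placeholders.
SAMPLE_LOCK = '''%{
  "mdex": {:hex, :mdex, "0.12.1", "0000", [:mix], [], "hexpm", "0000"},
  "mdex_native": {:hex, :mdex_native, "0.2.3", "0000", [:mix], [], "hexpm", "0000"},
}'''


def version_key(version):
    """Sortable key for MAJOR.MINOR.PATCH[-pre][+build]; a pre-release sorts before its release."""
    core, _, pre = version.split("+")[0].partition("-")
    major, minor, patch = (int(part) for part in core.split("."))
    return (major, minor, patch, 0 if pre else 1)


def check_lockfile(text):
    """Return {package: (version_or_commit, status)} for MDEx packages found in mix.lock text."""
    findings = {}
    for name, source, value in ENTRY.findall(text):
        if source == "git":
            # A commit hash cannot be ordered offline; compare it by hand
            # with the commit range listed on this page.
            findings[name] = (value, "review")
            continue
        first, fixed = AFFECTED[name]
        # Assumption: a pre-release of the fixed version still counts as affected.
        hit = version_key(first) <= version_key(value) < version_key(fixed)
        findings[name] = (value, "affected" if hit else "not affected")
    return findings


if __name__ == "__main__":
    for package, (value, status) in check_lockfile(SAMPLE_LOCK).items():
        print(f"{package} {value}: {status}")
```
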
CVSS V4
Score: 6.9
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Peter Ullrich
Leandro Pereira
Jonatan Männchen / EEF
