Denial of Service Vulnerability in Mistune Python Markdown Parser
CVE-2026-59925
7.5HIGH
What is CVE-2026-59925?
The Mistune Python Markdown parser is susceptible to a denial of service issue due to an inefficient parsing algorithm. Versions prior to 3.3.0 can enter a quadratic work state when processing long sequences of double-asterisk or triple-asterisk emphasis pairs. This can result in significant delays or even system unresponsiveness during Markdown parsing. The issue has been resolved in version 3.3.0, making it imperative for users to update to the latest version to ensure their applications are secure from these parsing inaccuracies.
Affected Version(s)
mistune < 3.3.0
