Denial of Service Vulnerability in Mistune Python Markdown Parser
CVE-2026-59925

7.5HIGH

Key Information:

Vendor

Lepture

Status
Vendor
CVE Published:
8 July 2026

What is CVE-2026-59925?

The Mistune Python Markdown parser is susceptible to a denial of service issue due to an inefficient parsing algorithm. Versions prior to 3.3.0 can enter a quadratic work state when processing long sequences of double-asterisk or triple-asterisk emphasis pairs. This can result in significant delays or even system unresponsiveness during Markdown parsing. The issue has been resolved in version 3.3.0, making it imperative for users to update to the latest version to ensure their applications are secure from these parsing inaccuracies.

Affected Version(s)

mistune < 3.3.0

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.