Denial of Service Vulnerability in Mistune Python Markdown Parser
CVE-2026-59928
7.5HIGH
What is CVE-2026-59928?
The Mistune parser, a Python-based Markdown renderer, has a vulnerability that allows attackers to craft specific Markdown documents with numerous repeated or distinct reference-link definitions. This causes the block parser to perform inefficiently, resulting in excessive CPU usage, which can lead to denial of service through resource exhaustion. Users are advised to upgrade to version 3.3.0 or later, where this issue has been rectified.
Affected Version(s)
mistune < 3.3.0
