Python Markdown Parser Vulnerability in Mistune by Lepture
CVE-2026-59929
6.1MEDIUM
What is CVE-2026-59929?
Mistune, a Python Markdown parser, contains a flaw in the safe_url filter that inadvertently allows certain legacy or chained schemes, such as feed:, view-source:, jar:, and others, to bypass security measures prior to version 3.3.0. This vulnerability can lead to the potential execution of harmful scripts in user agents. The issue is resolved in version 3.3.0, but earlier versions can expose users to security risks.
Affected Version(s)
mistune < 3.3.0
