Python Markdown Parser Vulnerability in Mistune Affects Various Applications
CVE-2026-59930
4.3MEDIUM
What is CVE-2026-59930?
The Mistune Markdown parser has a vulnerability in its toc plugin and TableOfContents directive that enables the generation of predictable heading IDs (toc_N). This behavior allows attackers to create conflicting IDs that collide with generated anchors on the same page. Such manipulation can compromise the integrity of navigation, affecting CSS selectors or JavaScript handlers and potentially leading to unpredictable behavior within affected applications. This issue has been rectified in version 3.3.0 of Mistune.
Affected Version(s)
mistune < 3.3.0
