mistune CVE-2026-44896
MEDIUMSeverity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Primary rating from GitHub Advisory.
CVSS VectorGitHub Advisory
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4Blast Radius
ecosystem impact- 116 pypi packages depend on mistune (9 direct, 108 indirect)
Ecosystem-wide dependent count for version 3.2.1.
DescriptionGitHub Advisory
In src/mistune/directives/image.py, the render_figure() function concatenates figclass and figwidth options directly into HTML attributes without escaping (lines 152-168).
This allows attribute injection and XSS even when HTMLRenderer(escape=True) is used, because these values bypass the inline renderer.
Other attributes in the same file (src, alt, style) are properly escaped; figclass/figwidth were missed.
AnalysisAI
Cross-site scripting (XSS) via unescaped HTML attributes in mistune's figure directive allows attackers to inject arbitrary HTML and JavaScript when processing markdown documents with figure directives, bypassing the HTMLRenderer escape setting. The figclass and figwidth parameters in render_figure() are concatenated directly into HTML without sanitization, while other attributes in the same file are properly escaped. Vulnerability affects mistune versions through 3.2.0; no patched version is currently released.
Technical ContextAI
Mistune is a markdown parser library for Python that supports custom directives, including image/figure directives. The vulnerable code is in src/mistune/directives/image.py, specifically the render_figure() function at lines 152-168. The vulnerability stems from CWE-79 (improper neutralization of input during web page generation). While the HTMLRenderer class provides an escape=True parameter to sanitize user input, the figure directive handler bypasses this protection by directly concatenating user-supplied figclass and figwidth option values into HTML attribute strings without escaping. Other attributes in the same file (src, alt, style) correctly apply escaping, indicating this is an implementation oversight rather than a systemic issue.
RemediationAI
No vendor-released patched version is currently available as of the advisory date. Immediate mitigation requires either: (1) upgrade mistune to a version newer than 3.2.0 once released by the maintainer (monitor the GitHub repository and PyPI for updates); (2) if upgrading is not immediately feasible, disable figure directives entirely by removing or not loading the image directive plugin - this eliminates the attack surface but removes intended markdown functionality; (3) implement a Web Application Firewall (WAF) rule to detect and block markdown containing figure directives with suspicious figclass or figwidth values (e.g., containing quotes, angle brackets, or event handler patterns), though this is a defense-in-depth measure and not a substitute for patching. Additionally, ensure all markdown input is sourced only from trusted users and consider restricting figure directive usage to authenticated/authorized users if feasible within application logic. Monitor the GitHub repository (https://github.com/lepture/mistune) and the GHSA advisory (https://github.com/lepture/mistune/security/advisories/GHSA-58cw-g322-p94v) for patch releases.
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allVendor StatusVendor
SUSE
Severity: Medium| Product | Status |
|---|---|
| SUSE Linux Enterprise Desktop 15 SP7 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP7 | Fixed |
| SUSE Linux Enterprise Module for Package Hub 15 SP7 | Fixed |
| SUSE Linux Enterprise Module for Python 3 15 SP7 | Fixed |
| SUSE Linux Enterprise Server 15 SP7 | Fixed |
| SUSE Linux Enterprise Server 16.0 | Fixed |
| SUSE Linux Enterprise Server 16.1 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP7 | Fixed |
| SUSE Linux Enterprise Server for SAP applications 16.0 | Fixed |
| SUSE Linux Enterprise Server for SAP applications 16.1 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP4 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP5 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS | Fixed |
| SUSE Linux Enterprise Module for Python 3 15 SP4 | Fixed |
| SUSE Linux Enterprise Module for Python 3 15 SP5 | Fixed |
| SUSE Linux Enterprise Module for Python 3 15 SP6 | Fixed |
| SUSE Linux Enterprise Server 15 SP4 | Fixed |
| SUSE Linux Enterprise Server 15 SP4-LTSS | Fixed |
| SUSE Linux Enterprise Server 15 SP5 | Fixed |
| SUSE Linux Enterprise Server 15 SP5-LTSS | Fixed |
| SUSE Linux Enterprise Server 15 SP6 | Fixed |
| SUSE Linux Enterprise Server 15 SP6-LTSS | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP6 | Fixed |
| SUSE Manager Proxy 4.3 | Fixed |
| SUSE Manager Retail Branch Server 4.3 | Fixed |
| SUSE Manager Server 4.3 | Fixed |
| SUSE Linux Enterprise Desktop 15 SP4 | Fixed |
| SUSE Linux Enterprise Desktop 15 SP5 | Fixed |
| SUSE Linux Enterprise Desktop 15 SP6 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP6 | Fixed |
| SUSE Linux Enterprise Module for Package Hub 15 SP4 | Fixed |
| SUSE Linux Enterprise Module for Package Hub 15 SP5 | Fixed |
| SUSE Linux Enterprise Module for Package Hub 15 SP6 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP4 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP5 | Fixed |
| openSUSE Leap 15.3 | Fixed |
| openSUSE Leap 15.4 | Fixed |
| openSUSE Leap 15.5 | Fixed |
| openSUSE Leap 15.6 | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
GHSA-58cw-g322-p94v