Skip to main content

mistune CVE-2026-44896

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2026-05-08 https://github.com/lepture/mistune GHSA-58cw-g322-p94v
5.3
CVSS 4.0 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
5.3 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
SUSE
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Red Hat
5.4 MEDIUM
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
P
Scope
X

Lifecycle Timeline

4
CVSS changed
May 26, 2026 - 21:22 NVD
5.3 (MEDIUM)
Source Code Evidence Fetched
May 09, 2026 - 00:01 vuln.today
Analysis Generated
May 09, 2026 - 00:01 vuln.today
CVE Published
May 08, 2026 - 23:43 nvd
MEDIUM

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 116 pypi packages depend on mistune (9 direct, 108 indirect)

Ecosystem-wide dependent count for version 3.2.1.

DescriptionGitHub Advisory

In src/mistune/directives/image.py, the render_figure() function concatenates figclass and figwidth options directly into HTML attributes without escaping (lines 152-168).

This allows attribute injection and XSS even when HTMLRenderer(escape=True) is used, because these values bypass the inline renderer.

Other attributes in the same file (src, alt, style) are properly escaped; figclass/figwidth were missed.

AnalysisAI

Cross-site scripting (XSS) via unescaped HTML attributes in mistune's figure directive allows attackers to inject arbitrary HTML and JavaScript when processing markdown documents with figure directives, bypassing the HTMLRenderer escape setting. The figclass and figwidth parameters in render_figure() are concatenated directly into HTML without sanitization, while other attributes in the same file are properly escaped. Vulnerability affects mistune versions through 3.2.0; no patched version is currently released.

Technical ContextAI

Mistune is a markdown parser library for Python that supports custom directives, including image/figure directives. The vulnerable code is in src/mistune/directives/image.py, specifically the render_figure() function at lines 152-168. The vulnerability stems from CWE-79 (improper neutralization of input during web page generation). While the HTMLRenderer class provides an escape=True parameter to sanitize user input, the figure directive handler bypasses this protection by directly concatenating user-supplied figclass and figwidth option values into HTML attribute strings without escaping. Other attributes in the same file (src, alt, style) correctly apply escaping, indicating this is an implementation oversight rather than a systemic issue.

RemediationAI

No vendor-released patched version is currently available as of the advisory date. Immediate mitigation requires either: (1) upgrade mistune to a version newer than 3.2.0 once released by the maintainer (monitor the GitHub repository and PyPI for updates); (2) if upgrading is not immediately feasible, disable figure directives entirely by removing or not loading the image directive plugin - this eliminates the attack surface but removes intended markdown functionality; (3) implement a Web Application Firewall (WAF) rule to detect and block markdown containing figure directives with suspicious figclass or figwidth values (e.g., containing quotes, angle brackets, or event handler patterns), though this is a defense-in-depth measure and not a substitute for patching. Additionally, ensure all markdown input is sourced only from trusted users and consider restricting figure directive usage to authenticated/authorized users if feasible within application logic. Monitor the GitHub repository (https://github.com/lepture/mistune) and the GHSA advisory (https://github.com/lepture/mistune/security/advisories/GHSA-58cw-g322-p94v) for patch releases.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed
SUSE Linux Enterprise Module for Package Hub 15 SP7 Fixed
SUSE Linux Enterprise Module for Python 3 15 SP7 Fixed
SUSE Linux Enterprise Server 15 SP7 Fixed

Share

CVE-2026-44896 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy