CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-44896

Mistune is a Python Markdown parser with renderers and plugins. In 3.2.0 and realier, in src/mistune/directives/image.py, the render_figure() function concatenates figclass and figwidth options directly into HTML attributes without escaping. This allows attribute injection and XSS even when HTMLRenderer(escape=True) is used, because these values bypass the inline renderer.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 9.8%

CVSS Severity

CVSS v3 Score 6.1

References

https://github.com/lepture/mistune/security/advisories/GHSA-58cw-g322-p94v

Products affected by CVE-2026-44896

Mistune Project » Mistune » Version: 0.1.0

cpe:2.3:a:mistune_project:mistune:0.1.0
Mistune Project » Mistune » Version: 0.2.0

cpe:2.3:a:mistune_project:mistune:0.2.0
Mistune Project » Mistune » Version: 0.3.0

cpe:2.3:a:mistune_project:mistune:0.3.0
Mistune Project » Mistune » Version: 0.3.1

cpe:2.3:a:mistune_project:mistune:0.3.1
Mistune Project » Mistune » Version: 0.4

cpe:2.3:a:mistune_project:mistune:0.4
Mistune Project » Mistune » Version: 0.4.1

cpe:2.3:a:mistune_project:mistune:0.4.1
Mistune Project » Mistune » Version: 0.5

cpe:2.3:a:mistune_project:mistune:0.5
Mistune Project » Mistune » Version: 0.5.1

cpe:2.3:a:mistune_project:mistune:0.5.1
Mistune Project » Mistune » Version: 0.6

cpe:2.3:a:mistune_project:mistune:0.6
Mistune Project » Mistune » Version: 0.7

cpe:2.3:a:mistune_project:mistune:0.7
Mistune Project » Mistune » Version: 0.7.1

cpe:2.3:a:mistune_project:mistune:0.7.1
Mistune Project » Mistune » Version: 0.7.2

cpe:2.3:a:mistune_project:mistune:0.7.2
Mistune Project » Mistune » Version: 0.7.3

cpe:2.3:a:mistune_project:mistune:0.7.3
Mistune Project » Mistune » Version: 0.7.4

cpe:2.3:a:mistune_project:mistune:0.7.4
Mistune Project » Mistune » Version: 0.8

cpe:2.3:a:mistune_project:mistune:0.8
Mistune Project » Mistune » Version: 0.8.1

cpe:2.3:a:mistune_project:mistune:0.8.1
Mistune Project » Mistune » Version: 0.8.2

cpe:2.3:a:mistune_project:mistune:0.8.2
Mistune Project » Mistune » Version: 0.8.3

cpe:2.3:a:mistune_project:mistune:0.8.3
Mistune Project » Mistune » Version: 0.8.4

cpe:2.3:a:mistune_project:mistune:0.8.4
Mistune Project » Mistune » Version: 2.0.0

cpe:2.3:a:mistune_project:mistune:2.0.0
Mistune Project » Mistune » Version: 2.0.1

cpe:2.3:a:mistune_project:mistune:2.0.1
Mistune Project » Mistune » Version: 2.0.2

cpe:2.3:a:mistune_project:mistune:2.0.2
Mistune Project » Mistune » Version: 2.0.3

cpe:2.3:a:mistune_project:mistune:2.0.3
Mistune Project » Mistune » Version: 2.0.4

cpe:2.3:a:mistune_project:mistune:2.0.4
Mistune Project » Mistune » Version: 2.0.5

cpe:2.3:a:mistune_project:mistune:2.0.5
Mistune Project » Mistune » Version: 3.0.0

cpe:2.3:a:mistune_project:mistune:3.0.0
Mistune Project » Mistune » Version: 3.0.1

cpe:2.3:a:mistune_project:mistune:3.0.1
Mistune Project » Mistune » Version: 3.0.2

cpe:2.3:a:mistune_project:mistune:3.0.2
Mistune Project » Mistune » Version: 3.1.0

cpe:2.3:a:mistune_project:mistune:3.1.0
Mistune Project » Mistune » Version: 3.1.1

cpe:2.3:a:mistune_project:mistune:3.1.1
Mistune Project » Mistune » Version: 3.1.2

cpe:2.3:a:mistune_project:mistune:3.1.2
Mistune Project » Mistune » Version: 3.1.3

cpe:2.3:a:mistune_project:mistune:3.1.3
Mistune Project » Mistune » Version: 3.1.4

cpe:2.3:a:mistune_project:mistune:3.1.4
Mistune Project » Mistune » Version: 3.2.0

cpe:2.3:a:mistune_project:mistune:3.2.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-44896

Products

Pricing

Contact Us