CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-44897

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, HTMLRenderer.heading() builds the opening <hN> tag by string-concatenating the id attribute value directly into the HTML — with no call to escape(), safe_entity(), or any other sanitisation function. A double-quote character " in the id value terminates the attribute, allowing an attacker to inject arbitrary additional attributes (event handlers, src=, href=, etc.) into the heading element. This vulnerability is fixed in 3.2.1.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 9.3%

CVSS Severity

CVSS v3 Score 6.1

References

Products affected by CVE-2026-44897

Mistune Project » Mistune » Version: 0.1.0

cpe:2.3:a:mistune_project:mistune:0.1.0
Mistune Project » Mistune » Version: 0.2.0

cpe:2.3:a:mistune_project:mistune:0.2.0
Mistune Project » Mistune » Version: 0.3.0

cpe:2.3:a:mistune_project:mistune:0.3.0
Mistune Project » Mistune » Version: 0.3.1

cpe:2.3:a:mistune_project:mistune:0.3.1
Mistune Project » Mistune » Version: 0.4

cpe:2.3:a:mistune_project:mistune:0.4
Mistune Project » Mistune » Version: 0.4.1

cpe:2.3:a:mistune_project:mistune:0.4.1
Mistune Project » Mistune » Version: 0.5

cpe:2.3:a:mistune_project:mistune:0.5
Mistune Project » Mistune » Version: 0.5.1

cpe:2.3:a:mistune_project:mistune:0.5.1
Mistune Project » Mistune » Version: 0.6

cpe:2.3:a:mistune_project:mistune:0.6
Mistune Project » Mistune » Version: 0.7

cpe:2.3:a:mistune_project:mistune:0.7
Mistune Project » Mistune » Version: 0.7.1

cpe:2.3:a:mistune_project:mistune:0.7.1
Mistune Project » Mistune » Version: 0.7.2

cpe:2.3:a:mistune_project:mistune:0.7.2
Mistune Project » Mistune » Version: 0.7.3

cpe:2.3:a:mistune_project:mistune:0.7.3
Mistune Project » Mistune » Version: 0.7.4

cpe:2.3:a:mistune_project:mistune:0.7.4
Mistune Project » Mistune » Version: 0.8

cpe:2.3:a:mistune_project:mistune:0.8
Mistune Project » Mistune » Version: 0.8.1

cpe:2.3:a:mistune_project:mistune:0.8.1
Mistune Project » Mistune » Version: 0.8.2

cpe:2.3:a:mistune_project:mistune:0.8.2
Mistune Project » Mistune » Version: 0.8.3

cpe:2.3:a:mistune_project:mistune:0.8.3
Mistune Project » Mistune » Version: 0.8.4

cpe:2.3:a:mistune_project:mistune:0.8.4
Mistune Project » Mistune » Version: 2.0.0

cpe:2.3:a:mistune_project:mistune:2.0.0
Mistune Project » Mistune » Version: 2.0.1

cpe:2.3:a:mistune_project:mistune:2.0.1
Mistune Project » Mistune » Version: 2.0.2

cpe:2.3:a:mistune_project:mistune:2.0.2
Mistune Project » Mistune » Version: 2.0.3

cpe:2.3:a:mistune_project:mistune:2.0.3
Mistune Project » Mistune » Version: 2.0.4

cpe:2.3:a:mistune_project:mistune:2.0.4
Mistune Project » Mistune » Version: 2.0.5

cpe:2.3:a:mistune_project:mistune:2.0.5
Mistune Project » Mistune » Version: 3.0.0

cpe:2.3:a:mistune_project:mistune:3.0.0
Mistune Project » Mistune » Version: 3.0.1

cpe:2.3:a:mistune_project:mistune:3.0.1
Mistune Project » Mistune » Version: 3.0.2

cpe:2.3:a:mistune_project:mistune:3.0.2
Mistune Project » Mistune » Version: 3.1.0

cpe:2.3:a:mistune_project:mistune:3.1.0
Mistune Project » Mistune » Version: 3.1.1

cpe:2.3:a:mistune_project:mistune:3.1.1
Mistune Project » Mistune » Version: 3.1.2

cpe:2.3:a:mistune_project:mistune:3.1.2
Mistune Project » Mistune » Version: 3.1.3

cpe:2.3:a:mistune_project:mistune:3.1.3
Mistune Project » Mistune » Version: 3.1.4

cpe:2.3:a:mistune_project:mistune:3.1.4
Mistune Project » Mistune » Version: 3.2.0

cpe:2.3:a:mistune_project:mistune:3.2.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-44897

Products

Pricing

Contact Us