CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-44899

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the Image directive plugin validates the :width: and :height: options with a regex compiled as _num_re = re.compile(r"^\d+(?:\.\d*)?"). When the validated value is not a plain integer, render_block_image() inserts it directly into a style="width:...;" or style="height:...;" attribute. Because the value was accepted by the prefix-only regex, any CSS after the leading digits reaches the style= attribute verbatim and without escaping. This vulnerability is fixed in 3.2.1.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 9.3%

CVSS Severity

CVSS v3 Score 4.7

References

Products affected by CVE-2026-44899

Mistune Project » Mistune » Version: 0.1.0

cpe:2.3:a:mistune_project:mistune:0.1.0
Mistune Project » Mistune » Version: 0.2.0

cpe:2.3:a:mistune_project:mistune:0.2.0
Mistune Project » Mistune » Version: 0.3.0

cpe:2.3:a:mistune_project:mistune:0.3.0
Mistune Project » Mistune » Version: 0.3.1

cpe:2.3:a:mistune_project:mistune:0.3.1
Mistune Project » Mistune » Version: 0.4

cpe:2.3:a:mistune_project:mistune:0.4
Mistune Project » Mistune » Version: 0.4.1

cpe:2.3:a:mistune_project:mistune:0.4.1
Mistune Project » Mistune » Version: 0.5

cpe:2.3:a:mistune_project:mistune:0.5
Mistune Project » Mistune » Version: 0.5.1

cpe:2.3:a:mistune_project:mistune:0.5.1
Mistune Project » Mistune » Version: 0.6

cpe:2.3:a:mistune_project:mistune:0.6
Mistune Project » Mistune » Version: 0.7

cpe:2.3:a:mistune_project:mistune:0.7
Mistune Project » Mistune » Version: 0.7.1

cpe:2.3:a:mistune_project:mistune:0.7.1
Mistune Project » Mistune » Version: 0.7.2

cpe:2.3:a:mistune_project:mistune:0.7.2
Mistune Project » Mistune » Version: 0.7.3

cpe:2.3:a:mistune_project:mistune:0.7.3
Mistune Project » Mistune » Version: 0.7.4

cpe:2.3:a:mistune_project:mistune:0.7.4
Mistune Project » Mistune » Version: 0.8

cpe:2.3:a:mistune_project:mistune:0.8
Mistune Project » Mistune » Version: 0.8.1

cpe:2.3:a:mistune_project:mistune:0.8.1
Mistune Project » Mistune » Version: 0.8.2

cpe:2.3:a:mistune_project:mistune:0.8.2
Mistune Project » Mistune » Version: 0.8.3

cpe:2.3:a:mistune_project:mistune:0.8.3
Mistune Project » Mistune » Version: 0.8.4

cpe:2.3:a:mistune_project:mistune:0.8.4
Mistune Project » Mistune » Version: 2.0.0

cpe:2.3:a:mistune_project:mistune:2.0.0
Mistune Project » Mistune » Version: 2.0.1

cpe:2.3:a:mistune_project:mistune:2.0.1
Mistune Project » Mistune » Version: 2.0.2

cpe:2.3:a:mistune_project:mistune:2.0.2
Mistune Project » Mistune » Version: 2.0.3

cpe:2.3:a:mistune_project:mistune:2.0.3
Mistune Project » Mistune » Version: 2.0.4

cpe:2.3:a:mistune_project:mistune:2.0.4
Mistune Project » Mistune » Version: 2.0.5

cpe:2.3:a:mistune_project:mistune:2.0.5
Mistune Project » Mistune » Version: 3.0.0

cpe:2.3:a:mistune_project:mistune:3.0.0
Mistune Project » Mistune » Version: 3.0.1

cpe:2.3:a:mistune_project:mistune:3.0.1
Mistune Project » Mistune » Version: 3.0.2

cpe:2.3:a:mistune_project:mistune:3.0.2
Mistune Project » Mistune » Version: 3.1.0

cpe:2.3:a:mistune_project:mistune:3.1.0
Mistune Project » Mistune » Version: 3.1.1

cpe:2.3:a:mistune_project:mistune:3.1.1
Mistune Project » Mistune » Version: 3.1.2

cpe:2.3:a:mistune_project:mistune:3.1.2
Mistune Project » Mistune » Version: 3.1.3

cpe:2.3:a:mistune_project:mistune:3.1.3
Mistune Project » Mistune » Version: 3.1.4

cpe:2.3:a:mistune_project:mistune:3.1.4
Mistune Project » Mistune » Version: 3.2.0

cpe:2.3:a:mistune_project:mistune:3.2.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-44899

Products

Pricing

Contact Us