PT-2026-38261 · Pypi · Mistune

Published 2026-05-06 · Updated 2026-05-12 · CVE-2026-33441

CVSS v4.0: 7.7 (High)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P

Name of the Vulnerable Software and Affected Versions: mistune versions prior to 3.2.1

Description: A Denial-of-Service (DoS) issue exists in the Mistune Markdown parser. Processing specially crafted reference links can cause excessive backtracking and parsing loops within the parse_link_title() function in helpers.py, leading to excessive CPU consumption and application hangs. Remote attackers can exploit this by submitting malicious Markdown to cause service unavailability.

Recommendations: Update to version 3.2.1. As a temporary workaround, consider restricting the use of the parse_link_title() function or implementing limits on reference-link title length and parsing depth to minimize the risk of exploitation.
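
One way to apply both recommendations in front of a Markdown renderer, as an added example that is not code from this advisory or from the Mistune project: a version gate for the 3.2.1 fix plus a linear-time pre-filter on reference-definition length. The limits `MAX_DOC_CHARS` and `MAX_REF_DEF_CHARS` and all function names are assumptions; the filter is a heuristic stopgap and does not replace the upgrade.

```python
import re
from importlib import metadata

FIXED = (3, 2, 1)          # first fixed mistune release, per the advisory
MAX_DOC_CHARS = 100_000    # assumed limit; tune for the application
MAX_REF_DEF_CHARS = 500    # assumed limit on one reference definition, title included

# Start of a link reference definition: up to 3 spaces, then "[label]:".
# Matched from line start with a bounded negated class, so it runs in linear time.
REF_DEF_START = re.compile(r" {0,3}\[[^\]\n]{1,999}\]:")

def is_patched(version: str) -> bool:
    """True if a mistune version string is 3.2.1 or later."""
    m = re.match(r"\d+(?:\.\d+)*", version)
    if not m:
        return False
    release = tuple(int(p) for p in m.group().split("."))
    release += (0,) * (3 - len(release))
    if release == FIXED and m.end() != len(version):
        return False  # conservative: a suffixed 3.2.1 such as "3.2.1rc1" is not trusted
    return release >= FIXED

def installed_mistune_patched():
    """True/False for the installed mistune, None if it is not installed."""
    try:
        return is_patched(metadata.version("mistune"))
    except metadata.PackageNotFoundError:
        return None

def check_markdown(text: str) -> list:
    """Return reasons to reject untrusted Markdown before parsing (empty if none)."""
    problems = []
    if len(text) > MAX_DOC_CHARS:
        problems.append("document too large")
    in_def, block_len, start = False, 0, 0
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            in_def = False                  # a blank line ends the definition block
            continue
        if REF_DEF_START.match(line):
            in_def, block_len, start = True, 0, n
        if in_def:                          # conservative: counts up to the next blank line
            block_len += len(line) + 1
            if block_len > MAX_REF_DEF_CHARS:
                problems.append(f"reference definition at line {start} too long")
                in_def = False
    return problems
```

Call `check_markdown()` on untrusted input and refuse to render when it returns anything; `installed_mistune_patched()` can run at start-up to flag deployments still below 3.2.1.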

Fix

Resource Exhaustion

Weakness Enumeration

Related Identifiers

CVE-2026-33441
GHSA-HJPH-F4MC-WX4C
OPENSUSE-SU-2026:10761-1

Affected Products

Mistune