PT-2026-56510 · Pypi · Mistune

Published

2026-07-08

·

Updated

2026-07-08

·

CVE-2026-59925

CVSS v3.1

7.5

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Mistune versions prior to 3.3.0
Description A denial of service issue exists in the default parsing process. Long sequences of well-formed double-asterisk or triple-asterisk emphasis pairs around a character cause quadratic work in src/mistune/inline parser.py because the parser scans forward for matching close markers from every potential opening run.
Recommendations Update to version 3.3.0.

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-59925

Affected Products

Mistune