PT-2026-56517 · Pypi · Mistune

Published

2026-07-08

·

Updated

2026-07-08

·

CVE-2026-59924

CVSS v3.1

5.9

Medium

VectorAV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions Mistune versions prior to 3.3.0
Description Mistune is a Python Markdown parser with renderers and plugins. The Include.parse() function joins and normalizes user-supplied include paths without verifying that the result remains within the intended markdown directory. This allows crafted include paths to access files outside that directory when markdown files are processed using md.read().
Recommendations Update to version 3.3.0.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-59924

Affected Products

Mistune