PT-2026-56518 · Pypi · Mistune

Published

2026-07-08

·

Updated

2026-07-08

·

CVE-2026-59927

CVSS v3.1

5.3

Medium

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions Mistune versions prior to 3.3.0
Description The Include directive in src/mistune/directives/include.py only detects direct self-includes and fails to identify indirect cycles. This allows two markdown files that include each other to trigger unbounded recursion, resulting in a RecursionError and crashing the rendering request.
Recommendations Update to version 3.3.0.

Fix

Improper Handling of Exceptional Conditions

Uncontrolled Recursion

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-59927

Affected Products

Mistune