CVE-2026-53429

🗓️ 29 Jun 2026 19:07:16Reported by EEFType

Missing Release of Memory after Effective Lifetime vulnerability in leandrocp mdex and mdex_native allows an attacker who controls a rendered document to cause a denial of service through unbounded native memory exhaustion. The native rendering co...

Reporter	Title	Published	Views	Family All 3
ATTACKERKB	CVE-2026-53429	29 Jun 202619:07	–	attackerkb
Cvelist	CVE-2026-53429 Unbounded native memory leak in mdex escaped-tag rendering enables unauthenticated denial of service	29 Jun 202619:07	–	cvelist
NVD	CVE-2026-53429	29 Jun 202620:17	–	nvd

CNA

Node

leandrocp mdexRange0.11.0–0.12.3

leandrocp mdex_nativeRange0.1.0–0.2.3

[
  {
    "collectionURL": "https://repo.hex.pm",
    "cpes": [
      "cpe:2.3:a:leandrocp:mdex:*:*:*:*:*:*:*:*"
    ],
    "defaultStatus": "unaffected",
    "modules": [
      "'Elixir.MDEx'",
      "comrak_nif"
    ],
    "packageName": "mdex",
    "packageURL": "pkg:hex/mdex",
    "product": "mdex",
    "programFiles": [
      "native/comrak_nif/src/types/document.rs"
    ],
    "programRoutines": [
      {
        "name": "comrak_nif::document_to_html_with_options"
      },
      {
        "name": "'Elixir.MDEx.Native':document_to_html_with_options/2"
      },
      {
        "name": "'Elixir.MDEx':to_html/1"
      }
    ],
    "repo": "https://github.com/leandrocp/mdex",
    "vendor": "leandrocp",
    "versions": [
      {
        "lessThan": "0.12.3",
        "status": "affected",
        "version": "0.11.0",
        "versionType": "semver"
      }
    ]
  },
  {
    "collectionURL": "https://github.com",
    "cpes": [
      "cpe:2.3:a:leandrocp:mdex:*:*:*:*:*:*:*:*"
    ],
    "defaultStatus": "unaffected",
    "modules": [
      "'Elixir.MDEx'",
      "comrak_nif"
    ],
    "packageName": "leandrocp/mdex",
    "packageURL": "pkg:github/leandrocp/mdex",
    "product": "mdex",
    "programFiles": [
      "native/comrak_nif/src/types/document.rs"
    ],
    "programRoutines": [
      {
        "name": "comrak_nif::document_to_html_with_options"
      },
      {
        "name": "'Elixir.MDEx.Native':document_to_html_with_options/2"
      },
      {
        "name": "'Elixir.MDEx':to_html/1"
      }
    ],
    "repo": "https://github.com/leandrocp/mdex",
    "vendor": "leandrocp",
    "versions": [
      {
        "lessThan": "6ed94d905f97af188323f042698ae841c02293b4",
        "status": "affected",
        "version": "81e4d14dd3aa5b206e395c7f372b9b413793015f",
        "versionType": "git"
      }
    ]
  },
  {
    "collectionURL": "https://repo.hex.pm",
    "cpes": [
      "cpe:2.3:a:leandrocp:mdex_native:*:*:*:*:*:*:*:*"
    ],
    "defaultStatus": "unaffected",
    "modules": [
      "'Elixir.MDExNative.Comrak'",
      "mdex_native_nif"
    ],
    "packageName": "mdex_native",
    "packageURL": "pkg:hex/mdex_native",
    "product": "mdex_native",
    "programFiles": [
      "native/mdex_native_nif/src/types/document.rs"
    ],
    "programRoutines": [
      {
        "name": "mdex_native_nif::document_to_html_with_options"
      },
      {
        "name": "'Elixir.MDExNative.Native':document_to_html_with_options/2"
      },
      {
        "name": "'Elixir.MDExNative.Comrak':document_to_html/2"
      }
    ],
    "repo": "https://github.com/leandrocp/mdex_native",
    "vendor": "leandrocp",
    "versions": [
      {
        "lessThan": "0.2.3",
        "status": "affected",
        "version": "0.1.0",
        "versionType": "semver"
      }
    ]
  },
  {
    "collectionURL": "https://github.com",
    "cpes": [
      "cpe:2.3:a:leandrocp:mdex_native:*:*:*:*:*:*:*:*"
    ],
    "defaultStatus": "unaffected",
    "modules": [
      "'Elixir.MDExNative.Comrak'",
      "mdex_native_nif"
    ],
    "packageName": "leandrocp/mdex_native",
    "packageURL": "pkg:github/leandrocp/mdex_native",
    "product": "mdex_native",
    "programFiles": [
      "native/mdex_native_nif/src/types/document.rs"
    ],
    "programRoutines": [
      {
        "name": "mdex_native_nif::document_to_html_with_options"
      },
      {
        "name": "'Elixir.MDExNative.Native':document_to_html_with_options/2"
      },
      {
        "name": "'Elixir.MDExNative.Comrak':document_to_html/2"
      }
    ],
    "repo": "https://github.com/leandrocp/mdex_native",
    "vendor": "leandrocp",
    "versions": [
      {
        "lessThan": "cbd927fb5061b488de8d90a8ef6df65718ca1fe6",
        "status": "affected",
        "version": "956528c5e31746253347029e810a969ab916fd27",
        "versionType": "git"
      }
    ]
  }
]

Source	Link
github	www.github.com/leandrocp/mdex_native/commit/cbd927fb5061b488de8d90a8ef6df65718ca1fe6
github	www.github.com/leandrocp/mdex_native/security/advisories/GHSA-cmvp-gp9f-23xw
cna	www.cna.erlef.org/cves/CVE-2026-53429.html
osv	www.osv.dev/vulnerability/EEF-CVE-2026-53429

29 Jun 2026 20:17Current

5.8Medium risk

Vulners AI Score5.8

CVSS 46.9

CWE-401