5 matches found
CVE-2026-44896
Mistune is a Python Markdown parser with renderers and plugins. In 3.2.0 and earlier, in src/mistune/directives/image.py, the renderfigure function concatenates figclass and figwidth options directly into HTML attributes without escaping. This allows attribute injection and XSS even when...
a-mailx (=0.1.0), abracadabra (>=0.0.0 <=0.0.7) +704 more potentially affected by CVE-2026-44896 via mistune (>=0.7.3 <=3.2.0)
mistune PYPI version =0.7.3, =0.0.0, =0.0.18, =2.0.0.post1, =0.3.0, =1.0.0, =0.1.0, =1.3.4, =1.0.47, =1.0.66, =0.9.5, =0.21.2, =1.0.0, =1.1.2 and more Source cves: CVE-2026-44896 Source advisory: OSV:PYSEC-2026-168...
CVE-2026-44896 vulnerabilities
Vulnerabilities for packages: kubeflow-pipelines-visualization-server...
SUSE CVE-2026-44896
Mistune is a Python Markdown parser with renderers and plugins. In 3.2.0 and earlier, in src/mistune/directives/image.py, the renderfigure function concatenates figclass and figwidth options directly into HTML attributes without escaping. This allows attribute injection and XSS even when...
a-mailx (=0.1.0), abracadabra (>=0.0.0 <=0.0.7) +704 more potentially affected by CVE-2026-44896 via mistune (>=0.7.3 <=3.2.0)
mistune PYPI version =0.7.3, =0.0.0, =0.0.18, =2.0.0.post1, =0.3.0, =1.0.0, =0.1.0, =1.3.4, =1.0.47, =1.0.66, =0.9.5, =0.21.2, =1.0.0, =1.1.2 and more Source cves: CVE-2026-44896 Source advisory: OSV:GHSA-58CW-G322-P94V...