fittrackee (>=1.2.0 <=1.3.0b3), mein-et-projekt (=0.1.0) +2 more potentially affected by CVE-2026-44899 via mistune (=3.2.0)

mistune PYPI version =3.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on mistune and may be impacted: - fittrackee =1.2.0, =2.19.0, =2.20.4 - uniovi-simur-wearablepermed-pipeline-step-counting =1.2.3 Source cves: CVE-2026-44899 Source advisory:...

a-mailx (=0.1.0), ai-shell (>=0.1.0 <=1.0.4) +139 more potentially affected by CVE-2026-44899 via mistune (>=3.0.0 <=3.2.0)

mistune PYPI version =3.0.0, =0.1.0, =0.9.5, =3.0.0, =3.2.1b1, =1.0.1, =1.0.1, =0.1.0, =0.1.0, =0.0.1, =0.1.0, =0.0.2, =1.0.0.1, =0.0.1, =0.0.5 and more Source cves: CVE-2026-44899 Source advisory: SNYK:PYTHON-MISTUNE-16697357...

SUSE CVE-2026-44899

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the Image directive plugin validates the :width: and :height: options with a regex compiled as numre = re.compiler"^\d+?:.\d?". When the validated value is not a plain integer, renderblockimage inserts it directly int...