Critical Photon OS Security Update - PHSA-2026-5.0-0882

Updates of 'linux-esx', 'linux', 'python3-lxml', 'python3-mistune', 'ruby', 'python3', 'python3-mako', 'python3-ujson' packages of Photon OS have been released...

CVE-2026-44898

A flaw was found in Mistune, a Python Markdown parser. This vulnerability occurs in the rendertocul function, which is responsible for building a table-of-contents. An attacker can craft malicious heading text that, when processed, allows for the injection of arbitrary HTML tags, including script...

CVE-2026-44896

A flaw was found in Mistune, a Python Markdown parser. This vulnerability allows a remote attacker to inject malicious code into web pages, leading to Cross-Site Scripting XSS. The issue arises from the renderfigure function, which improperly handles figclass and figwidth options by directly...

CVE-2026-44897

A flaw was found in Mistune, a Python Markdown parser. A remote attacker could exploit this vulnerability by providing specially crafted input to the HTMLRenderer.heading function. This input, containing a double-quote character in the HTML heading's ID attribute, is not properly sanitized,...

CVE-2026-44708

A flaw was found in Mistune, a Python Markdown parser. The mistune math plugin improperly handles user-supplied content, such as inline and block math, by directly embedding it into the HTML output without proper HTML escaping. This vulnerability, which can lead to Cross-Site Scripting XSS, allow...

CVE-2026-44899

A flaw was found in Mistune, a Python Markdown parser. The Image directive plugin, responsible for handling image dimensions, improperly validates user-supplied input for width and height options. This allows a remote attacker to inject arbitrary CSS into style attributes, potentially leading to...

SUSE SLES16 Security Update : python-mistune (SUSE-SU-2026:21858-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:21858-1 advisory. This update for python-mistune fixes the following issues - CVE-2026-33079: ReDoS in LINKTITLERE can lead to denial of service via...

openSUSE 16 Security Update : python-mistune (openSUSE-SU-2026:20827-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20827-1 advisory. This update for python-mistune fixes the following issues - CVE-2026-33079: ReDoS in LINKTITLERE can lead to denial of service via a crafted...

Security update for python-mistune (important)

openSUSE security update: security update for python-mistune ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20827-1 Rating: important References: bsc1264347 bsc1264750 bsc1264751 bsc1264752 bsc1264754 bsc1265052 bsc1265053 Cross-References:...

OPENSUSE-SU-2026:20827-1 Security update for python-mistune

This update for python-mistune fixes the following issues - CVE-2026-33079: ReDoS in LINKTITLERE can lead to denial of service via a crafted Markdown bsc1264347. - CVE-2026-33441: processing of malformed reference links can lead to excessive resource consumption and denial of service bsc1264752. ...

Mistune Image Directive CSS Injection Vulnerability

...

Mistune: XSS via unescaped figclass/figwidth in Figure directive

...

Linux Distros Unpatched Vulnerability : CVE-2026-44896

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mistune is a Python Markdown parser with renderers and plugins. In 3.2.0 and earlier, in src/mistune/directives/image.py, the renderfigure function concatenates...

Linux Distros Unpatched Vulnerability : CVE-2026-44897

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, HTMLRenderer.heading builds the opening tag by string-concatenating the id...

Linux Distros Unpatched Vulnerability : CVE-2026-44708

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the mistune math plugin renders inline math $...$ and block math $$...$$ by...

Linux Distros Unpatched Vulnerability : CVE-2026-44899

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the Image directive plugin validates the :width: and :height: options with a reg...

Linux Distros Unpatched Vulnerability : CVE-2026-44898

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, rendertocul builds a table-of-contents tree from a list of level, id, text tuple...

PYSEC-2026-168

Mistune is a Python Markdown parser with renderers and plugins. In 3.2.0 and realier, in src/mistune/directives/image.py, the renderfigure function concatenates figclass and figwidth options directly into HTML attributes without escaping. This allows attribute injection and XSS even when...

a-mailx (=0.1.0), abracadabra (>=0.0.0 <=0.0.7) +704 more potentially affected by CVE-2026-44896 via mistune (>=0.7.3 <=3.2.0)

mistune PYPI version =0.7.3, =0.0.0, =0.0.18, =2.0.0.post1, =0.3.0, =1.0.0, =0.1.0, =1.3.4, =1.0.47, =1.0.66, =0.9.5, =0.21.2, =1.0.0, =1.1.2 and more Source cves: CVE-2026-44896 Source advisory: OSV:PYSEC-2026-168...

PYSEC-2026-168

Mistune is a Python Markdown parser with renderers and plugins. In 3.2.0 and realier, in src/mistune/directives/image.py, the renderfigure function concatenates figclass and figwidth options directly into HTML attributes without escaping. This allows attribute injection and XSS even when...