Bug 2498153 (CVE-2026-59925)
| Summary: | CVE-2026-59925 mistune: Mistune: Denial of Service via crafted Markdown input | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | anthomas, ehelms, ggainey, jmitchel, jpasqual, juwatts, kshier, mhulan, nmoumoul, osousa, pcreech, rchan, rjohnson, smallamp, teagle, tmalecek |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
A flaw was found in Mistune, a Python Markdown parser. An attacker can exploit this vulnerability by providing specially crafted Markdown input containing long sequences of emphasis pairs. This can cause the parser to perform excessive computational work, leading to a denial of service (DoS) condition in the default Mistune parsing.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
OSIDB Bzimport
2026-07-08 17:02:20 UTC
|