CVE-2026-35201 — MEDIUM (5.9)

Q: How severe is CVE-2026-35201?

CVE-2026-35201 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2026-35201?

Check the references section above for vendor advisories and patch information. Affected products include: Dafoster Rdiscount.

Vulnerability Description

Discount is an implementation of John Gruber's Markdown markup language in C. From 1.3.1.1 to before 2.2.7.4, a signed length truncation bug causes an out-of-bounds read in the default Markdown parse path. Inputs larger than INT_MAX are truncated to a signed int before entering the native parser, allowing the parser to read past the end of the supplied buffer and crash the process. This vulnerability is fixed in 2.2.7.4.

CVSS Score

5.9

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Dafoster	Rdiscount	>= 1.3.1.1, < 2.2.7.4

Related Weaknesses (CWE)

CWE-125

References

https://github.com/davidfstr/rdiscount/security/advisories/GHSA-6r34-94wq-jhrcVendor AdvisoryExploit

FAQ

What is CVE-2026-35201?

CVE-2026-35201 is a vulnerability with a CVSS score of 5.9 (MEDIUM). Discount is an implementation of John Gruber's Markdown markup language in C. From 1.3.1.1 to before 2.2.7.4, a signed length truncation bug causes an out-of-bounds read in the default Markdown parse ...

How severe is CVE-2026-35201?

CVE-2026-35201 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-35201?

Check the references section above for vendor advisories and patch information. Affected products include: Dafoster Rdiscount.