1. Home
  2. CVE Database
  3. CVE-2026-49851
NONE · 0

CVE-2026-49851

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Mistune is vulnerable to a CPU exhaustion DoS due to superlinear (approximately O(n²)) behavior in parse_link_text. When...

Vulnerability Description

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Mistune is vulnerable to a CPU exhaustion DoS due to superlinear (approximately O(n²)) behavior in parse_link_text. When parsing Markdown containing many consecutive [ characters, parse_link_text repeatedly scans the input using a regex search inside a loop. Each iteration re-scans a large portion of the remaining string, resulting in quadratic-time behavior. An attacker-controlled Markdown input can therefore trigger excessive CPU usage with a very small payload. This vulnerability is fixed in 3.3.0.

Related Weaknesses (CWE)

CWE-770CWE-400CWE-407

References

FAQ

What is CVE-2026-49851?

CVE-2026-49851 is a documented vulnerability. Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Mistune is vulnerable to a CPU exhaustion DoS due to superlinear (approximately O(n²)) behavior in parse_link_text. When...

How severe is CVE-2026-49851?

CVSS scoring is not yet available for CVE-2026-49851. Check NVD for updates.

Is there a patch for CVE-2026-49851?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.