PatchSiren

CVE-2026-44898 lepture CVE debrief

Mistune is a Python Markdown parser with renderers and plugins. Prior to version 3.2.1, the render_toc_ul() function constructs a <ul> table-of-contents tree from a list of (level, id, text) tuples. Both the id value (used as href="#<id>") and the text value (used as the visible link label) are inserted into <a> tags via a plain Python format string without HTML escaping. When heading IDs are derived from user-supplied heading text, the standard use-case for readable slug anchors, an attacker can craft a heading whose text breaks out of the href="#..." attribute context, injecting arbitrary HTML tags including <script> blocks directly into the rendered TOC. This vulnerability is fixed in version 3.2.1.

Vendor
lepture
Product
mistune
CVSS
MEDIUM 6.1
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-26
Original CVE updated
2026-05-27
Advisory published
2026-05-26
Advisory updated
2026-05-27

Who should care

Organizations using Mistune to render Markdown from untrusted sources, particularly those that generate a table of contents from that Markdown and serve it to end users. Web application developers and security teams maintaining Python-based content management systems, documentation platforms, wikis, or any application that processes user-generated Markdown with TOC generation enabled. Deployments that never call the TOC code path on untrusted input are not exposed through this particular function, although upgrading is still the simplest way to rule it out.

Technical summary

The render_toc_ul() function in Mistune prior to 3.2.1 constructs table-of-contents HTML by interpolating the id and text of each (level, id, text) entry into an <a href="#{id}">{text}</a> template with a plain Python format string and no HTML escaping. Because the id lands inside a double-quoted href attribute, a heading whose text (and therefore whose derived slug) contains a double quote and an angle bracket closes the attribute and the tag and injects arbitrary markup, including <script> elements, into the rendered TOC. The text value is inserted unescaped as well, so sanitizing only the ID generation does not close the hole. This is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation).

Defensive priority

MEDIUM

Recommended defensive actions

  • Upgrade Mistune to version 3.2.1 or later; this is the only complete remediation, since the fix is in the library's own TOC rendering.
  • Review applications that call Mistune's render_toc_ul() (directly or through the TOC plugin) and locate any table-of-contents HTML that was generated from untrusted Markdown and then stored or cached before the upgrade; regenerate or sanitize that output, because an injected payload persists as stored XSS until the HTML is rebuilt.
  • Implement Content Security Policy (CSP) headers as a defense-in-depth measure; a script-src directive that does not allow 'unsafe-inline' blocks the inline <script> payload this bug enables, although it does not prevent the markup injection itself.
  • Audit custom heading ID generation logic so that user-supplied heading text is reduced to an allow-listed character set (for example lowercase letters, digits and hyphens) before it is used as an anchor identifier, and treat that as hardening rather than a substitute for the upgrade, since the link label is also emitted unescaped by affected versions.
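
The following is an added example, not Mistune's code and not taken from the advisory. It models the flaw described in the technical summary with a deliberately simplified, flat <ul> renderer that uses the same unescaped format-string pattern, places a hardened renderer beside it that HTML-escapes both the id and the text, and includes an allow-list slug generator of the kind the last recommended action asks for. All function names here (render_toc_ul_vulnerable, render_toc_ul_hardened, naive_slug, safe_slug, contains_script, build_toc) and the sample headings are assumptions constructed for the demonstration; Mistune's real function also handles nested levels, and in a real renderer the heading text may already be rendered inline HTML, so where escaping is applied has to be chosen against the actual pipeline.

```python
"""Added example (not Mistune's code): a stripped-down TOC renderer that
reproduces the unescaped-format-string pattern the advisory describes,
beside a hardened version, plus an allow-list slug generator.

Assumptions (not from the advisory): every name below is hypothetical,
the TOC tuple shape (level, id, text) follows the advisory's description,
and the renderers emit a flat list only (no nesting).
"""
import html
import re
import unicodedata

# Constructed sample headings (not from the advisory). The second one
# closes the href attribute and the <a> tag, then injects a script.
BENIGN_HEADING = "Installation & Setup"
MALICIOUS_HEADING = 'Intro"><script>alert(1)</script><a href="'


def naive_slug(text: str) -> str:
    """Weak slugger (assumed behaviour): lowercase and replace spaces only.
    Quotes and angle brackets survive, which is what makes the naive
    renderer below exploitable."""
    return text.lower().replace(" ", "-")


def render_toc_ul_vulnerable(toc):
    """Mirrors the flaw: id and text go into the <a> tag through a plain
    format string with no escaping (deliberately vulnerable pattern)."""
    if not toc:
        return ""
    s = "<ul>\n"
    for _level, k, text in toc:
        s += '<li><a href="#{}">{}</a></li>\n'.format(k, text)
    return s + "</ul>\n"


def render_toc_ul_hardened(toc):
    """Same output shape, but both values are HTML-escaped with quote=True,
    so neither can leave its attribute or text context."""
    if not toc:
        return ""
    s = "<ul>\n"
    for _level, k, text in toc:
        s += '<li><a href="#{}">{}</a></li>\n'.format(
            html.escape(k, quote=True), html.escape(text, quote=True)
        )
    return s + "</ul>\n"


_NOT_ALLOWED = re.compile(r"[^a-z0-9]+")


def safe_slug(text: str, fallback: str = "section") -> str:
    """Allow-list slug: ASCII-fold, lowercase, collapse every run that is
    not [a-z0-9] into one hyphen. The result can never contain quotes,
    angle brackets or whitespace, so it is safe inside an href attribute
    even if a renderer forgets to escape it."""
    folded = unicodedata.normalize("NFKD", text).encode("ascii", "ignore").decode()
    slug = _NOT_ALLOWED.sub("-", folded.lower()).strip("-")
    return slug or fallback


def contains_script(rendered: str) -> bool:
    """Crude audit check: did a raw <script tag survive into the TOC HTML?"""
    return "<script" in rendered.lower()


def build_toc(headings, slugger):
    """Build (level, id, text) tuples for a list of level-1 headings."""
    return [(1, slugger(h), h) for h in headings]


if __name__ == "__main__":
    headings = [BENIGN_HEADING, MALICIOUS_HEADING]
    vuln = render_toc_ul_vulnerable(build_toc(headings, naive_slug))
    hard = render_toc_ul_hardened(build_toc(headings, safe_slug))
    print("vulnerable output:\n" + vuln)
    print("hardened output:\n" + hard)
    print("script tag in vulnerable output:", contains_script(vuln))
    print("script tag in hardened output:", contains_script(hard))
```

Running the module shows the malicious heading landing in the vulnerable output as a live <script> element, while the hardened renderer emits it as inert &lt;script&gt; text. Note that render_toc_ul_hardened is safe even when paired with naive_slug: escaping at the point of output is what closes the bug, and safe_slug is an extra layer that keeps anchors readable and attribute-safe regardless of which renderer consumes them.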

Evidence notes

The CVE description and NVD record confirm that the vulnerability exists in Mistune versions prior to 3.2.1, with the root cause being unescaped insertion of id and text values into HTML attributes via Python format strings. The fix is available in version 3.2.1 per the GitHub release and security advisory.

Official resources

2026-05-26