PatchSiren cyber security CVE debrief

CVE-2026-44899 lepture CVE debrief

A cross-site scripting (XSS) vulnerability exists in the Mistune Python Markdown parser prior to version 3.2.1. The Image directive plugin validates the `:width:` and `:height:` options with a permissive regular expression (`^\d+(?:\.\d*)?`) that is only matched against the start of the value, so any string that begins with digits is accepted. When a non-integer value passes this check, `render_block_image()` inserts it unescaped into a `style` attribute. An attacker can inject arbitrary CSS and JavaScript by crafting a width or height value that starts with digits and is followed by a malicious payload, such as `100px; background-image: url('javascript:alert(1)')` or a similar style-based injection vector. The vulnerability requires user interaction (rendering malicious Markdown) and can affect downstream web applications that display parsed content without additional sanitization. The CVSS 3.1 score of 4.7 (Medium) reflects a network attack vector, low attack complexity, no required privileges, required user interaction, changed scope, and low confidentiality impact with no integrity or availability impact.

Vendor
lepture
Product
mistune
CVSS
MEDIUM 4.7
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-26
Original CVE updated
2026-05-27
Advisory published
2026-05-26
Advisory updated
2026-05-27

Who should care

Organizations using Mistune to render untrusted Markdown content in web applications; security teams monitoring Python package dependencies; developers implementing Markdown processing pipelines; compliance teams tracking XSS remediation in content management systems

Technical summary

The vulnerability stems from a prefix-only regular expression check in `mistune/directives/image.py`. The `_num_re` pattern `^\d+(?:\.\d*)?` accepts any string that begins with numeric characters; it neither requires the whole value to match nor sanitizes the trailing content. When `render_block_image()` constructs HTML output, the "validated" values are interpolated directly into `style` attributes without HTML entity encoding or CSS escaping. This permits injection of arbitrary CSS properties and potentially JavaScript execution through style-based vectors. The fix in 3.2.1 likely implements stricter validation or proper escaping of directive option values.

Defensive priority

medium

Recommended defensive actions

  • Upgrade Mistune to version 3.2.1 or later to obtain the security fix
  • Review applications rendering user-supplied Markdown with Mistune for suspicious image directives containing style-breaking payloads
  • Implement Content Security Policy (CSP) headers to mitigate impact of style-based injection vectors
  • Consider additional output encoding or HTML sanitization layers for rendered Markdown content in security-sensitive contexts
  • Audit logs for unusual image directive parameters containing semicolons, parentheses, or JavaScript protocol handlers in width/height fields
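The following is an added illustration, not Mistune's own code, of the prefix-only check described in the technical summary beside a whole-value check, and of the audit step above applied to a constructed Markdown sample. The regular expression is reconstructed from the advisory text with its backslashes restored; the RST-style `:width:`/`:height:` option syntax, the `px` suffix and the option-scanning regex are assumptions.

```python
import re

# Reconstruction (assumed) of the pre-3.2.1 pattern. Used with re.match it
# only tests the prefix, so "100px; color: red" passes because it starts
# with digits.
_NUM_RE_PERMISSIVE = re.compile(r"^\d+(?:\.\d*)?")

# Hardened form: fullmatch() forces the whole value to be a number.
_NUM_RE_STRICT = re.compile(r"\d+(?:\.\d+)?")


def is_valid_dimension_permissive(value: str) -> bool:
    """Prefix-only check: true for '100' and also for '100px; color: red'."""
    return _NUM_RE_PERMISSIVE.match(value) is not None


def is_valid_dimension_strict(value: str) -> bool:
    """Whole-string check; also rejects the trailing '.' the old pattern allowed."""
    return _NUM_RE_STRICT.fullmatch(value.strip()) is not None


def style_attr(width, height):
    """Build a style attribute from directive options, keeping only values that
    pass the strict check. Dropping a bad value is safer than HTML-escaping it:
    escaping prevents tag breakout, but text inside a style attribute is still
    parsed as CSS, so a stray ';' would still begin a new property.
    (The 'px' suffix is an assumption, not Mistune's rendering.)"""
    parts = []
    for prop, value in (("width", width), ("height", height)):
        if value is not None and is_valid_dimension_strict(value):
            parts.append(f"{prop}:{value.strip()}px")
    return ";".join(parts)


# Detection for the audit step: flag :width:/:height: option lines whose
# value is not a plain number. Option syntax is the RST-style directive form
# (assumed); the sample document below is constructed for this example.
_OPT_RE = re.compile(r"^\s*:(width|height):\s*(.+?)\s*$", re.MULTILINE)

SAMPLE_MARKDOWN = """\
.. image:: https://example.invalid/a.png
   :width: 100
   :height: 80

.. image:: https://example.invalid/b.png
   :width: 100px; color: red
"""


def find_suspicious_options(markdown: str):
    """Return (option, value) pairs that the strict check rejects."""
    return [(m.group(1), m.group(2)) for m in _OPT_RE.finditer(markdown)
            if not is_valid_dimension_strict(m.group(2))]
```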

Evidence notes

Vulnerability confirmed through GitHub Security Advisory GHSA-ccfx-mfmx-2fx9 and the Mistune release notes. The fix in version 3.2.1 addresses the insufficient input validation. CWE-79 (Improper Neutralization of Input During Web Page Generation) is classified as the primary weakness. No known exploitation in the wild as of the CVE publication date.
