MEDIUM
facelessuser
CVE published 2026-07-16
CVE-2026-46338
CVE-2026-46338 is a vulnerability in PyMdown Extensions, a set of extensions for the Python-Markdown markdown project. The issue, fixed in version 10.21.3, allows markdown snippet directives to read files from sibling paths with the same base_path prefix when `restrict_base_path: True`. This is a regression of CVE-2023-32309. Affected users should review and restrict base paths for markdown snippet direct [truncated]