CPE
medium
advisory
CVE-2026-59928 Mistune block_parser: Quadratic-Time Parsing Leading to Denial of Service
1 CVECVE-2026-59928 identifies a vulnerability in the Mistune block_parser component where quadratic-time parsing of long lists of repeated reference-link definitions can be exploited by an attacker to cause a denial-of-service condition due to excessive resource consumption.
Mistune block_parser
denial-of-service
vulnerability
markdown-parser
1c
medium
advisory
Mistune Markdown Parser Vulnerability CVE-2026-59930 Allows HTML ID Collision
1 CVEA vulnerability, CVE-2026-59930, in the Mistune markdown parser's TableOfContents directive creates predictable HTML heading IDs, enabling an attacker to inject content with colliding IDs for client-side content manipulation.
Mistune
vulnerability
markdown
client-side
cve
1c