Vendor
A vulnerability, CVE-2026-59930, in the Mistune markdown parser's TableOfContents directive creates predictable HTML heading IDs, enabling an attacker to inject content with colliding IDs for client-side content manipulation.