Vendor
The Mistune Python Markdown parser is vulnerable to a CPU exhaustion Denial of Service (DoS) attack, identified as CVE-2026-49851, due to a superlinear (O(n²)) parsing behavior in the `parse_link_text` function when processing specially crafted input containing repeated square brackets, allowing an attacker to significantly degrade application performance with a small payload.