All 6 CVE vulnerabilities found in mistune, with AI-generated Chinese analysis, references, and POCs where available.
Vendor: lepture
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-44898 | Mistune TOC Anchor Injection XSS CWE-79 | 6.1 | Medium | 2026-05-26 |
| CVE-2026-44897 | Mistune Heading ID Attribute Injection XSS CWE-79 | 6.1 | Medium | 2026-05-26 |
| CVE-2026-44708 | Mistune Math Plugin XSS Escape Bypass CWE-79 | 6.1 | Medium | 2026-05-26 |
| CVE-2026-44899 | Mistune Image Directive CSS Injection Vulnerability CWE-79 | 4.7 | Medium | 2026-05-26 |
| CVE-2026-44896 | Mistune: XSS via unescaped figclass/figwidth in Figure directive CWE-79 | - | - | 2026-05-26 |
| CVE-2026-33079 | Mistune ReDoS in LINK_TITLE_RE allows denial of service with crafted Markdown titles CWE-1333 | 7.5 (AI) | High (AI) | 2026-05-06 |