CVE-2026-44898
Analyzed Analyzed - Analysis Complete
Cross-Site Scripting in Mistune Markdown Parser

Publication date: 2026-05-26

Last updated on: 2026-05-28

Assigner: GitHub, Inc.

Description
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, render_toc_ul() builds a <ul> table-of-contents tree from a list of (level, id, text) tuples. Both the id value (used as href="#<id>") and the text value (used as the visible link label) are inserted into <a> tags via a plain Python format string β€” with no HTML escaping applied to either value. When heading IDs are derived from user-supplied heading text (the standard use-case for readable slug anchors), an attacker can craft a heading whose text breaks out of the href="#..." attribute context, injecting arbitrary HTML tags including <script> blocks directly into the rendered TOC. This vulnerability is fixed in 3.2.1.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-26
Last Modified
2026-05-28
Generated
2026-06-16
AI Q&A
2026-05-27
EPSS Evaluated
2026-06-14
NVD
CVE-2026-44898
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
mistune_project mistune to 3.2.1 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in Mistune, a Python Markdown parser, specifically in versions prior to 3.2.1. The function render_toc_ul() builds a table-of-contents (TOC) as an unordered list from tuples containing heading level, id, and text. Both the id and text values are inserted into anchor (&lt;a&gt;) tags using plain Python string formatting without any HTML escaping.

When heading IDs are generated from user-supplied heading text, an attacker can craft a heading that breaks out of the href attribute context in the anchor tag. This allows the injection of arbitrary HTML, including malicious &lt;script&gt; tags, directly into the rendered TOC, leading to cross-site scripting (XSS) attacks.

This issue was fixed in Mistune version 3.2.1 by applying proper escaping or sanitization.

Impact Analysis

This vulnerability can lead to cross-site scripting (XSS) attacks if an attacker is able to supply malicious heading text that gets rendered in the table of contents. Exploiting this, an attacker could execute arbitrary JavaScript in the context of users viewing the rendered Markdown content.

The impact includes potential theft of user credentials, session hijacking, defacement of content, or other malicious actions performed via injected scripts.

According to the CVSS score (6.1), the vulnerability is of medium severity with network attack vector, low attack complexity, no privileges required, but requires user interaction.

Mitigation Strategies

To mitigate this vulnerability, upgrade Mistune to version 3.2.1 or later, where the issue with unescaped HTML in render_toc_ul() is fixed.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-44898. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart