CVE-2026-44899
Analyzed Analyzed - Analysis Complete
XSS via CSS Injection in Mistune Markdown Parser

Publication date: 2026-05-26

Last updated on: 2026-05-28

Assigner: GitHub, Inc.

Description
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the Image directive plugin validates the :width: and :height: options with a regex compiled as _num_re = re.compile(r"^\d+(?:\.\d*)?"). When the validated value is not a plain integer, render_block_image() inserts it directly into a style="width:...;" or style="height:...;" attribute. Because the value was accepted by the prefix-only regex, any CSS after the leading digits reaches the style= attribute verbatim and without escaping. This vulnerability is fixed in 3.2.1.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-26
Last Modified
2026-05-28
Generated
2026-06-16
AI Q&A
2026-05-27
EPSS Evaluated
2026-06-14
NVD
CVE-2026-44899
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
mistune_project mistune to 3.2.1 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Mistune Python Markdown parser's Image directive plugin prior to version 3.2.1. The plugin validates the :width: and :height: options using a regex that only checks for a numeric prefix. If the value is not a plain integer but starts with digits followed by additional CSS code, this extra CSS is inserted directly into the style attribute without escaping. This allows untrusted CSS to be injected into the style attribute, potentially leading to security issues.

Impact Analysis

The vulnerability can allow an attacker to inject arbitrary CSS into the style attributes of images rendered by Mistune. This could lead to style manipulation on web pages, potentially affecting the appearance or behavior of the site. Although the CVSS score indicates a moderate impact (4.7), the vulnerability does not directly affect confidentiality or availability but can impact the integrity of the rendered content.

Mitigation Strategies

The vulnerability is fixed in Mistune version 3.2.1. Immediate mitigation involves upgrading the Mistune package to version 3.2.1 or later.

Compliance Impact

CVE-2026-44899 is a CSS injection vulnerability that allows attackers to inject arbitrary CSS into rendered HTML, potentially enabling phishing attacks and UI redressing.

Such vulnerabilities can lead to unauthorized manipulation of user interfaces and potentially expose users to malicious content, which may result in violations of data protection and privacy regulations like GDPR and HIPAA if personal data or user interactions are compromised.

Therefore, organizations using affected versions of Mistune may face compliance risks if this vulnerability is exploited, as it undermines the integrity and security of user-facing content.

Detection Guidance

This vulnerability involves the Mistune Markdown parser's Image directive plugin improperly validating :width: and :height: options, allowing CSS injection via style attributes.

To detect this vulnerability on your system, you can check the version of the Mistune package installed. Versions 3.2.0 and earlier are vulnerable, while version 3.2.1 includes the fix.

Suggested commands to detect the vulnerable Mistune version:

  • For Python environments, run: `pip show mistune` to display the installed version.
  • Alternatively, use: `pip freeze | grep mistune` to list the installed Mistune version.

To detect exploitation attempts on your network or system, monitor for unusual or suspicious Markdown content that includes image directives with :width: or :height: options containing CSS code beyond simple numeric values.

You can search logs or files for patterns matching image directives with suspicious style attributes, for example using grep:

  • grep -rE ':width:[^\d]' /path/to/markdown/files
  • grep -rE ':height:[^\d]' /path/to/markdown/files

These commands look for :width: or :height: options that do not start with a digit only, which may indicate attempts to inject CSS.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-44899. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart