CVE-2026-53428
Deferred - Pending Action

Memory Allocation DoS in mdex

Vulnerability report for CVE-2026-53428, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-29

Last updated on: 2026-06-29

Assigner: EEF

Description

Memory Allocation with Excessive Size Value vulnerability in leandrocp mdex allows an unauthenticated attacker to cause a denial of service through unbounded memory allocation. comrak_nif::lumis_adapter::LumisAdapter::parse_highlight_lines in native/comrak_nif/src/lumis_adapter.rs eagerly expands a user-controlled inclusive line range from a fenced code block's highlight_lines decorator into a Vec<usize>, pushing one element per integer in the range with no upper bound on the range size. An attacker who can supply Markdown that an application renders with MDEx.to_html/2 (for example a comment, chat message, or wiki page) can embed a code block whose info string is rust highlight_lines="1-100000000", forcing the native adapter to allocate roughly 8 bytes per line in the range. A payload that differs by only a few bytes can therefore allocate hundreds of megabytes, and a sufficiently large range (for example 1-2000000000) exhausts host memory and aborts the BEAM, denying service to every user of the rendering process. The per-line write loop additionally tests membership with a linear scan over the same vector, degrading rendering to a quadratic cost even for ranges that do not immediately exhaust memory. The vulnerable native code originally shipped inside mdex (in native/comrak_nif/src/lumis_adapter.rs) and was later extracted into the separate mdex_native package (native/mdex_native_nif/src/lumis_adapter.rs), where it remains unpatched. This issue affects mdex from 0.11.0 before 0.12.3, and mdex_native from 0.1.0 before 0.2.3.

Meta Information

Published: 2026-06-29
Last Modified: 2026-06-29
Generated: 2026-06-30
AI Q&A: 2026-06-29
EPSS Evaluated: N/A

Affected Vendors & Products

Showing 2 associated CPEs

Vendor     Product      Version / Range
leandrocp  mdex         From 0.11.0 (inc) to 0.12.3 (exc)
leandrocp  mdex_native  To 0.2.3 (exc)

Exploitability

CWE-789: The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2026-53428 is a memory allocation vulnerability in the mdex and mdex_native packages, part of the Erlang Ecosystem. It occurs when processing user-controlled line ranges in Markdown code blocks using the highlight_lines decorator.

The vulnerable code eagerly expands a user-supplied inclusive line range into a vector without any upper bound on the range size. For example, an attacker can embed a code block with highlight_lines="1-100000000", causing the system to allocate hundreds of megabytes of memory.

This unbounded memory allocation can exhaust host memory and crash the BEAM virtual machine, resulting in a denial of service. The vulnerability affects mdex versions before 0.12.3 and mdex_native versions before 0.2.3.

Exploitation requires specific render options to be enabled, such as github_pre_lang, full_info_string, and an inline syntax-highlight formatter. Disabling these options can serve as a workaround.

Impact Analysis

This vulnerability can cause a denial of service by exhausting the host system's memory resources.

An unauthenticated attacker can supply malicious Markdown input with an excessively large highlight_lines range, forcing the system to allocate massive amounts of memory.

This can crash the BEAM virtual machine, making the rendering process unavailable to all users. Ranges that are large but not large enough to exhaust memory still degrade rendering to quadratic cost, because the per-line write loop checks membership with a linear scan over the expanded vector.

Detection Guidance

This vulnerability involves unbounded memory allocation triggered by processing Markdown code blocks with excessively large highlight_lines ranges. Detection involves monitoring for unusually high memory usage or crashes in the BEAM virtual machine when rendering Markdown content.

Since the vulnerability is triggered by specific Markdown input, detection can include inspecting logs or inputs for fenced code blocks containing the highlight_lines decorator with very large ranges, such as highlight_lines="1-100000000".

There are no explicit commands provided in the resources for detection, but general approaches include:

  • Monitoring system memory usage and BEAM process stability for signs of exhaustion or crashes.
  • Searching application logs or user inputs for Markdown code blocks with highlight_lines ranges exceeding normal values.
  • Using tools to analyze or filter Markdown inputs before rendering to detect suspicious highlight_lines ranges.
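As an added example (not code from mdex or mdex_native), the following Rust shows both the pre-render filter the last bullet suggests and the hardened shape of the decision the description above attributes to parse_highlight_lines: the width of each highlight_lines range is bounded before anything proportional to it is allocated, and the selection is stored as closed intervals so the per-line membership test is a comparison rather than a scan over an expanded vector. The decorator syntax it parses (`highlight_lines="1-3,7"`), the 10,000-line cap, and every function name are assumptions chosen for illustration.

```rust
// Added example, not code from mdex or mdex_native. Decorator syntax, cap and
// names are assumptions chosen for illustration.

/// Assumed per-block cap on highlighted lines; tune to the application.
pub const MAX_HIGHLIGHT_LINES: usize = 10_000;

#[derive(Debug, PartialEq)]
pub enum HighlightError {
    Malformed(String),
    RangeTooLarge { start: usize, end: usize, span: usize },
    TooManyLines(usize),
}

/// Selection kept as inclusive (start, end) intervals rather than one
/// Vec<usize> element per line: its size is bounded by the number of range
/// tokens, not by the width of the widest range.
#[derive(Debug, Default, PartialEq)]
pub struct HighlightLines {
    ranges: Vec<(usize, usize)>,
    total: usize,
}

impl HighlightLines {
    /// A few comparisons per range token, independent of range width.
    pub fn contains(&self, line: usize) -> bool {
        self.ranges.iter().any(|&(s, e)| s <= line && line <= e)
    }
    pub fn total(&self) -> usize {
        self.total
    }
}

/// Pulls the quoted value out of `highlight_lines="..."` in an info string
/// such as `rust highlight_lines="1-3,7"`; None when the decorator is absent.
fn decorator_value(info: &str) -> Option<&str> {
    const KEY: &str = "highlight_lines=\"";
    let start = info.find(KEY)? + KEY.len();
    let rest = &info[start..];
    let end = rest.find('"')?;
    Some(&rest[..end])
}

fn parse_num(s: &str) -> Result<usize, HighlightError> {
    s.trim()
        .parse::<usize>()
        .map_err(|_| HighlightError::Malformed(s.to_string()))
}

/// Parses the decorator, rejecting any single range, or the sum of all
/// ranges, wider than `max_lines` before allocating anything proportional to it.
pub fn parse_highlight_lines(info: &str, max_lines: usize) -> Result<HighlightLines, HighlightError> {
    let value = match decorator_value(info) {
        Some(v) => v,
        None => return Ok(HighlightLines::default()),
    };
    let mut out = HighlightLines::default();
    for token in value.split(',').map(str::trim).filter(|t| !t.is_empty()) {
        let (start, end) = match token.split_once('-') {
            Some((a, b)) => (parse_num(a)?, parse_num(b)?),
            None => {
                let n = parse_num(token)?;
                (n, n)
            }
        };
        if start == 0 || end < start {
            return Err(HighlightError::Malformed(token.to_string()));
        }
        // The width is computed and checked first; nothing of size `span` is
        // ever built, which is the difference from eager expansion.
        let span = end - start + 1;
        if span > max_lines {
            return Err(HighlightError::RangeTooLarge { start, end, span });
        }
        out.total = out.total.saturating_add(span);
        if out.total > max_lines {
            return Err(HighlightError::TooManyLines(out.total));
        }
        out.ranges.push((start, end));
    }
    Ok(out)
}

/// Pre-render filter over a Markdown document: returns (1-based line number,
/// error) for every backtick fence whose info string fails the cap. Only
/// fences that start a line are recognised, which is enough for a front filter.
pub fn scan_markdown(markdown: &str, max_lines: usize) -> Vec<(usize, HighlightError)> {
    let mut findings = Vec::new();
    let mut in_fence = false;
    for (i, line) in markdown.lines().enumerate() {
        if let Some(info) = line.trim_start().strip_prefix("```") {
            if in_fence {
                in_fence = false; // closing fence
            } else {
                in_fence = true; // opening fence; `info` is the info string
                if let Err(e) = parse_highlight_lines(info, max_lines) {
                    findings.push((i + 1, e));
                }
            }
        }
    }
    findings
}

fn main() {
    // Constructed sample input carrying the decorator the advisory cites.
    let md = "```rust highlight_lines=\"1-100000000\"\nfn main() {}\n```\n\n```elixir highlight_lines=\"2,4-6\"\nIO.puts(1)\n```\n";
    for (line, err) in scan_markdown(md, MAX_HIGHLIGHT_LINES) {
        println!("line {line}: rejected, {err:?}");
    }
}
```

scan_markdown is meant to sit in front of MDEx.to_html/2 as a rejection filter; the same cap applies to the sum of all ranges in one block, so many small ranges cannot add up to the allocation a single oversized range would cause.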

Mitigation Strategies

Immediate mitigation steps include disabling the rendering options that enable parsing of the highlight_lines decorator, specifically:

  • Disable the github_pre_lang render option.
  • Disable the full_info_string render option.
  • Disable, or avoid configuring, an inline syntax-highlight formatter.

These workarounds prevent the vulnerable code from parsing and expanding the highlight_lines ranges, thus avoiding unbounded memory allocation.

Additionally, upgrading to patched versions of the packages is recommended:

  • Upgrade mdex to version 0.12.3 or later.
  • Upgrade mdex_native to version 0.2.3 or later.
