Description
Mistune is a Python Markdown parser with renderers and plugins. In 3.2.0 and earlier, in src/mistune/directives/image.py, the render_figure() function concatenates figclass and figwidth options directly into HTML attributes without escaping. This allows attribute injection and XSS even when HTMLRenderer(escape=True) is used, because these values bypass the inline renderer. Version 3.2.1 contains a patch.
Published: 2026-05-26
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Mistune is a Python Markdown parser with renderers and plugins. In 3.2.0 and earlier, the render_figure() function concatenates the figclass and figwidth options directly into HTML attributes without escaping. This allows attribute injection and XSS even when HTMLRenderer(escape=True) is used, because these values bypass the inline renderer. Version 3.2.1 contains a patch.

Affected Systems

The vulnerability affects Lepture Mistune, version 3.2.0 and earlier, which is widely used to render Markdown content in Python web applications.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity, and the combination of user‑controlled Markdown input and the lack of escaping means that an attacker who can supply malicious figure directives can run arbitrary scripts in a victim's browser. The EPSS score is < 1%, indicating a low exploitation probability, and the vulnerability is not listed in the CISA KEV catalog, but any web application rendering user‑supplied Markdown with Mistune exposes a realistic XSS vector. The primary attack vector is a crafted Markdown document that includes a figure directive with specially crafted figclass or figwidth values.

Generated by OpenCVE AI on June 9, 2026 at 01:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Mistune to the latest released version that includes the escape fix.
  • Disable or remove the figure directive from Markdown allowed syntax if the feature is not required.
  • Sanitize or escape user‑supplied Markdown before rendering, ensuring that figclass and figwidth values are not inserted unsafely.

Generated by OpenCVE AI on June 9, 2026 at 01:29 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-58cw-g322-p94v Mistune has XSS via unescaped figclass/figwidth in Figure directive
History

Mon, 08 Jun 2026 23:45:00 +0000

Type Values Removed Values Added
Description Mistune is a Python Markdown parser with renderers and plugins. In 3.2.0 and realier, in src/mistune/directives/image.py, the render_figure() function concatenates figclass and figwidth options directly into HTML attributes without escaping. This allows attribute injection and XSS even when HTMLRenderer(escape=True) is used, because these values bypass the inline renderer. Mistune is a Python Markdown parser with renderers and plugins. In 3.2.0 and earlier, in src/mistune/directives/image.py, the render_figure() function concatenates figclass and figwidth options directly into HTML attributes without escaping. This allows attribute injection and XSS even when HTMLRenderer(escape=True) is used, because these values bypass the inline renderer. Version 3.2.1 contains a patch.
References

Thu, 28 May 2026 13:45:00 +0000

Type Values Removed Values Added
First Time appeared Mistune Project
Mistune Project mistune
CPEs cpe:2.3:a:mistune_project:mistune:*:*:*:*:*:*:*:*
Vendors & Products Mistune Project
Mistune Project mistune
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}

Wed, 27 May 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 26 May 2026 23:30:00 +0000

Type Values Removed Values Added
First Time appeared Lepture
Lepture mistune
Vendors & Products Lepture
Lepture mistune

Tue, 26 May 2026 21:15:00 +0000

Type Values Removed Values Added
Description Mistune is a Python Markdown parser with renderers and plugins. In 3.2.0 and realier, in src/mistune/directives/image.py, the render_figure() function concatenates figclass and figwidth options directly into HTML attributes without escaping. This allows attribute injection and XSS even when HTMLRenderer(escape=True) is used, because these values bypass the inline renderer.
Title Mistune: XSS via unescaped figclass/figwidth in Figure directive
Weaknesses CWE-79
References
Metrics cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N'}

Subscriptions

Lepture Mistune
Mistune Project Mistune
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-08T23:34:02.448Z

Reserved: 2026-05-07T21:50:33.546Z

Link: CVE-2026-44896

cve-icon Vulnrichment

Updated: 2026-05-27T13:18:49.782Z

cve-icon NVD

Status : Modified

Published: 2026-05-26T21:16:39.477

Modified: 2026-06-09T00:16:53.777

Link: CVE-2026-44896

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T01:30:26Z

Weaknesses
  • CWE-79

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')