Description
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, render_toc_ul() builds a <ul> table-of-contents tree from a list of (level, id, text) tuples. Both the id value (used as href="#<id>") and the text value (used as the visible link label) are inserted into <a> tags via a plain Python format string — with no HTML escaping applied to either value. When heading IDs are derived from user-supplied heading text (the standard use-case for readable slug anchors), an attacker can craft a heading whose text breaks out of the href="#..." attribute context, injecting arbitrary HTML tags including <script> blocks directly into the rendered TOC. This vulnerability is fixed in 3.2.1.
Published: 2026-05-26
Score: 6.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a missed HTML escaping in Mistune’s render_toc_ul() function, representing a CWE‑79 flaw. The function incorporates heading id and text into <a> tags using a plain format string. If a heading’s text contains special characters, the attacker can break out of the href attribute and inject arbitrary HTML, including <script> tags, into the rendered table‑of‑contents. This leads to client‑side script execution in any browser rendering the output, enabling XSS attacks against users who view the affected page.

Affected Systems

The defect affects all installations of the Mistune Markdown parser preceding version 3.2.1, which is distributed under the lepture:mistune code repository. Applications that employ this library to build tables of contents from user‑supplied Markdown are vulnerable unless they have been upgraded to 3.2.1 or later.

Risk and Exploitability

The issue carries a CVSS score of 6.1, indicating a moderate severity. EPSS is not available, so the exploitation probability is unknown, and the vulnerability is not listed in the CISA KEV catalog. The most likely attack vector is the provision of crafted Markdown content—an attacker can supply a malicious heading to any component that renders Markdown with a table of contents. As the flaw is a client‑side XSS, successful exploitation requires user interaction with the rendered page.

Generated by OpenCVE AI on May 26, 2026 at 23:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Mistune to version 3.2.1 or later.
  • Ensure that all deployed instances use the updated library.
  • If an upgrade is not immediately possible, disable or remove the render_toc_ul() feature or sanitize heading IDs and labels before rendering.

Generated by OpenCVE AI on May 26, 2026 at 23:05 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-6269-cqxg-mhhv Mistune TOC Anchor Injection XSS
History

Thu, 28 May 2026 13:45:00 +0000

Type Values Removed Values Added
First Time appeared Mistune Project
Mistune Project mistune
CPEs cpe:2.3:a:mistune_project:mistune:*:*:*:*:*:*:*:*
Vendors & Products Mistune Project
Mistune Project mistune

Wed, 27 May 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 26 May 2026 23:00:00 +0000

Type Values Removed Values Added
First Time appeared Lepture
Lepture mistune
Vendors & Products Lepture
Lepture mistune

Tue, 26 May 2026 21:15:00 +0000

Type Values Removed Values Added
Description Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, render_toc_ul() builds a <ul> table-of-contents tree from a list of (level, id, text) tuples. Both the id value (used as href="#<id>") and the text value (used as the visible link label) are inserted into <a> tags via a plain Python format string — with no HTML escaping applied to either value. When heading IDs are derived from user-supplied heading text (the standard use-case for readable slug anchors), an attacker can craft a heading whose text breaks out of the href="#..." attribute context, injecting arbitrary HTML tags including <script> blocks directly into the rendered TOC. This vulnerability is fixed in 3.2.1.
Title Mistune TOC Anchor Injection XSS
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}

Subscriptions

Lepture Mistune
Mistune Project Mistune
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-27T17:57:38.643Z

Reserved: 2026-05-07T21:50:33.546Z

Link: CVE-2026-44898

cve-icon Vulnrichment

Updated: 2026-05-27T17:57:15.703Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-26T21:16:39.810

Modified: 2026-05-28T13:42:13.527

Link: CVE-2026-44898

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-26T23:15:20Z

Weaknesses
  • CWE-79

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')