Description
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the Image directive plugin validates the :width: and :height: options with a regex compiled as _num_re = re.compile(r"^\d+(?:\.\d*)?"). When the validated value is not a plain integer, render_block_image() inserts it directly into a style="width:...;" or style="height:...;" attribute. Because the value was accepted by the prefix-only regex, any CSS after the leading digits reaches the style= attribute verbatim and without escaping. This vulnerability is fixed in 3.2.1.
Published: 2026-05-26
Score: 4.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises from Mistune's image directive plugin accepting width or height values that begin with digits but may carry additional characters after them. The plugin inserts these values directly into a style attribute without escaping. Consequently, any CSS appended after the numeric prefix is rendered verbatim, allowing an attacker to inject arbitrary CSS into the resulting image element.

Affected Systems

Any Python application that imports Mistune prior to version 3.2.1 and uses the image directive plugin is affected. The vendor is Lepture, product Mistune. All releases before 3.2.1 are susceptible.

Risk and Exploitability

The CVSS score of 4.7 indicates a moderate impact. EPSS is not available and the vulnerability is not listed in CISA KEV. Exploitation is straightforward: by supplying crafted Markdown containing an image directive with a malicious width or height value, an attacker can cause the parser to output an image element with a style attribute that contains injected CSS. The flaw can be triggered remotely through any user‑supplied Markdown processed by the vulnerable parser, requiring no additional privileges. The potential damage is confined to client‑side page rendering and may affect confidentiality, integrity, or availability of the user’s browser context. Based on the description, it is inferred that cross‑site scripting could be possible when combined with other browser features, but this is not explicitly confirmed.

Generated by OpenCVE AI on May 26, 2026 at 23:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Mistune to version 3.2.1 or later, which removes the vulnerable regex and sanitizes width and height values.
  • If upgrading is not immediately possible, replace the image directive plugin’s regex with one that strictly allows only integer dimensions and matches the whole value, e.g. r"^\d+$".
  • Restrict the use of the image directive plugin to trusted content or sanitize all Markdown before rendering to prevent the injection of malicious attributes.

Generated by OpenCVE AI on May 26, 2026 at 23:05 UTC.
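The check described in the Description above and the stricter pattern recommended in the actions list, shown side by side as an added example (this is not Mistune's code; the function names and the sample option values are constructed for illustration):

```python
import html
import re
from typing import Dict, Optional, Tuple

# Prefix-only pattern as quoted in the advisory: re.match() anchors only at the
# start of the string, so any trailing text after the digits is still accepted.
PREFIX_ONLY_RE = re.compile(r"^\d+(?:\.\d*)?")

# Hardened pattern (added here, not Mistune's own): the trailing $ together with
# fullmatch() requires the entire option value to be a number. fullmatch() also
# avoids the "$ matches before a trailing newline" quirk of plain $.
STRICT_RE = re.compile(r"^\d+(?:\.\d*)?$")


def prefix_only_accepts(value: str) -> bool:
    """Reproduces the flawed check: any value with a numeric prefix passes."""
    return PREFIX_ONLY_RE.match(value) is not None


def strict_accepts(value: str) -> bool:
    """Hardened check: digits with an optional fraction, and nothing else."""
    return STRICT_RE.fullmatch(value) is not None


def audit(values) -> Dict[str, Tuple[bool, bool]]:
    """Return {value: (prefix_only_result, strict_result)} for each option value."""
    return {v: (prefix_only_accepts(v), strict_accepts(v)) for v in values}


def build_style(width: Optional[str], height: Optional[str]) -> str:
    """Build a style attribute only from strictly validated values.

    Rejected values are dropped rather than copied into the markup; the
    html.escape() call is defence in depth should the validator ever loosen.
    """
    declarations = []
    for prop, value in (("width", width), ("height", height)):
        if value is not None and strict_accepts(value):
            declarations.append(f"{prop}:{value};")
    if not declarations:
        return ""
    return 'style="' + html.escape("".join(declarations), quote=True) + '"'


if __name__ == "__main__":
    # Constructed sample option values: plain numbers and two with trailing text.
    samples = ["120", "120.5", "120;color:red", "120px", "abc"]
    for value, (loose, strict) in audit(samples).items():
        print(f"{value!r:18} prefix-only={loose!s:5} strict={strict}")
    print(build_style("120", "80") or "(no style attribute emitted)")
    print(build_style("120;color:red", None) or "(no style attribute emitted)")
```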


Advisories
Source | ID | Title
Github GHSA | GHSA-ccfx-mfmx-2fx9 | Mistune Image Directive CSS Injection Vulnerability
History

Thu, 28 May 2026 13:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Mistune Project
 | | Mistune Project mistune
CPEs | | cpe:2.3:a:mistune_project:mistune:*:*:*:*:*:*:*:*
Vendors & Products | | Mistune Project
 | | Mistune Project mistune

Wed, 27 May 2026 15:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 26 May 2026 23:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Lepture
 | | Lepture mistune
Vendors & Products | | Lepture
 | | Lepture mistune

Tue, 26 May 2026 21:15:00 +0000

Type | Values Removed | Values Added
Description | | Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the Image directive plugin validates the :width: and :height: options with a regex compiled as _num_re = re.compile(r"^\d+(?:\.\d*)?"). When the validated value is not a plain integer, render_block_image() inserts it directly into a style="width:...;" or style="height:...;" attribute. Because the value was accepted by the prefix-only regex, any CSS after the leading digits reaches the style= attribute verbatim and without escaping. This vulnerability is fixed in 3.2.1.
Title | | Mistune Image Directive CSS Injection Vulnerability
Weaknesses | | CWE-79
References | |
Metrics | | cvssV3_1 {'score': 4.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-27T13:31:02.744Z

Reserved: 2026-05-07T21:50:33.546Z

Link: CVE-2026-44899

Vulnrichment

Updated: 2026-05-27T13:28:52.303Z

NVD

Status : Analyzed

Published: 2026-05-26T21:16:39.953

Modified: 2026-05-28T13:38:38.980

Link: CVE-2026-44899

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-26T23:15:20Z

Weaknesses
  • CWE-79

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')