Resource exhaustion in Lepture Mistune
CVE-2026-49851
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Mistune is vulnerable to a CPU exhaustion DoS due to superlinear (approximately O(n²)) behavior in parse_link_text. When parsing Markdown containing many conse…
Vulnerability class: DoS (Denial of Service)
Affected products
- Lepture Mistune — versions < 3.3.0
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)