openSUSE Leap 16.0 python-mistune Important XSS DoS Fix 2026-20827-1

opensuse
May 29, 2026
This update resolves 7 important vulnerabilities in python-mistune for openSUSE Leap 16.0 and ensures enhanced security.
An update that solves 7 vulnerabilities and has 7 bug fixes can now be installed.

Description

This update for python-mistune fixes the following issues:

- CVE-2026-33079: ReDoS in `LINK_TITLE_RE` can lead to denial of service via crafted Markdown (bsc#1264347).

- CVE-2026-33441: processing of malformed reference links can lead to excessive resource consumption and denial of service (bsc#1264752).

- CVE-2026-44708: improper HTML escaping in the math plugin can lead to XSS (bsc#1264751).

- CVE-2026-44896: improper escaping in `render_figure` can lead to attribute injection and XSS (bsc#1264754).

- CVE-2026-44897: improper sanitization of user-controlled input in `HTMLRenderer.heading` can lead to XSS (bsc#1264750).

- CVE-2026-44898: improper sanitization of user-supplied HTML input in `render_toc_ul` can lead to XSS (bsc#1265052).

- CVE-2026-44899: improper input verification in the Image directive plugin and improper escaping in `render_block_image` can lead to CSS injection (bsc#1265053).

Patch instructions:

To install this openSUSE security update use the suse...


Patch

Package List

- openSUSE Leap 16.0:

python313-mistune-3.1.3-160000.3.1
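
A fleet check against the fixed build listed above, as an added example that is not part of the advisory or of SUSE's tooling. It compares the release field as well as the upstream version, because the fix is identified by the full `3.1.3-160000.3.1` string. It assumes an inventory of `host name version-release` lines (constructed here; on a host, `rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n'` yields the last two fields) and uses a simplified re-implementation of RPM version ordering with no epoch, `~` or `^` handling.

```python
import re

# Fixed build, taken from the advisory's package list.
FIXED_NAME = "python313-mistune"
FIXED_VR = "3.1.3-160000.3.1"


def _segments(s):
    # Runs of digits or letters; separators such as "." only delimit segments.
    return re.findall(r"\d+|[A-Za-z]+", s)


def _cmp_part(a, b):
    """Simplified RPM ordering for one version or release string: -1, 0 or 1."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment sorts as newer
        if x.isdigit():
            x, y = int(x), int(y)  # numeric compare, so 10 > 3
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def compare_vr(a, b):
    """Compare two 'version-release' strings; the release breaks version ties."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return _cmp_part(va, vb) or _cmp_part(ra, rb)


def unpatched_hosts(inventory):
    """Return hosts whose python313-mistune build is older than the fixed build."""
    hosts = []
    for line in inventory.strip().splitlines():
        host, name, vr = line.split()
        if name == FIXED_NAME and compare_vr(vr, FIXED_VR) < 0:
            hosts.append(host)
    return hosts


# Constructed inventory (hypothetical hosts and builds, not from the advisory).
SAMPLE = """
web01 python313-mistune 3.1.3-160000.3.1
web02 python313-mistune 3.1.3-160000.2.1
docs01 python313-mistune 3.1.2-160000.9.1
ci01 python313-mistune 3.1.4-160000.1.1
ci02 python313-Jinja2 3.1.2-160000.1.1
"""

if __name__ == "__main__":
    print(unpatched_hosts(SAMPLE))
```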

References

* bsc#1264347

* bsc#1264750

* bsc#1264751

* bsc#1264752

* bsc#1264754

* bsc#1265052

* bsc#1265053

References:

* https://www.suse.com/security/cve/CVE-2026-33079.html

* https://www.suse.com/security/cve/CVE-2026-33441.html

* https://www.suse.com/security/cve/CVE-2026-44708.html

* https://www.suse.com/security/cve/CVE-2026-44896.html

* https://www.suse.com/security/cve/CVE-2026-44897.html

* https://www.suse.com/security/cve/CVE-2026-44898.html

* https://www.suse.com/security/cve/CVE-2026-44899.html

Severity
important

Announcement ID: openSUSE-SU-2026:20827-1
Rating: important
Affected Products: openSUSE Leap 16.0
