Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 498
Alerts This Week
Warning Icon 1 498

openSUSE Leap 16.0 Python-Mistune Moderate DoS XSS Fix 2026-21339-1

opensuse
Calendar Grey July 15, 2026
Dist Opensuse Esm H88
Update for python-mistune resolves 10 issues and includes critical fixes for DoS and XSS vulnerabilities.
An update that solves 10 vulnerabilities and has 9 bug fixes can now be installed.

Description

This update for python-mistune fixes the following issues

- CVE-2026-59922: quadratic-time parsing on long runs of some markers in `formatting.py` can lead to DoS (bsc#1271117).

- CVE-2026-59923: `HTMLRenderer.safe_url()` does not block percent-encoded javascript URIs and allows for XSS

(bsc#1271119).

- CVE-2026-59924: improper processing of user-supplied include paths in `Include.parse()` can lead to path traversal

and arbitrary file reads (bsc#1271121).

- CVE-2026-59925: quadratic-time parsing on long runs of some emphasis pairs in `inline_parser` can lead to DoS

(bsc#1271125).

- CVE-2026-59926: improper escaping in `render_admonition()` can lead to atribute injection and XSS (bsc#1271127).

- CVE-2026-59927: uncontrolled recursion when processing two markdown files that include each other can lead to a DoS

(bsc#1271128).

- CVE-2026-59928: quadratic-time parsing on long lists of repeated reference-link definitions in `block_parser` can

lead to DoS (bsc#1271131).

-...

Read the Full Advisory

Patch

Package List

- openSUSE Leap 16.0:

python313-mistune-3.1.3-160000.5.1

References

* bsc#1271082

* bsc#1271117

* bsc#1271119

* bsc#1271121

* bsc#1271125

* bsc#1271127

* bsc#1271128

* bsc#1271131

* bsc#1271132

References:

* https://www.suse.com/security/cve/CVE-2026-44896.html

* https://www.suse.com/security/cve/CVE-2026-59922.html

* https://www.suse.com/security/cve/CVE-2026-59923.html

* https://www.suse.com/security/cve/CVE-2026-59924.html

* https://www.suse.com/security/cve/CVE-2026-59925.html

* https://www.suse.com/security/cve/CVE-2026-59926.html

* https://www.suse.com/security/cve/CVE-2026-59927.html

* https://www.suse.com/security/cve/CVE-2026-59928.html

* https://www.suse.com/security/cve/CVE-2026-59929.html

* https://www.suse.com/security/cve/CVE-2026-59930.html

Severity
moderate
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2026:21339-1
Rating: moderate
Affected Products: openSUSE Leap 16.0 -------------------------------------------------------------

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.