Alerts This Week
Warning Icon 1 975
Alerts This Week
Warning Icon 1 975

Key Update on SUSE Python-Mistune Regarding Denial of Service XSS Issue

suse
Calendar Grey June 1, 2026
Dist Suse Esm H88
Update addresses multiple vulnerabilities in python-mistune on SUSE Linux, including denial of service and XSS risks.
An update that solves seven vulnerabilities can now be installed.

Summary

## This update for python-mistune fixes the following issues * CVE-2026-33079: ReDoS in `LINK_TITLE_RE` can lead to denial of service via a crafted Markdown (bsc#1264347). * CVE-2026-33441: processing of malformed reference links can lead to excessive resource consumption and denial of service (bsc#1264752). * CVE-2026-44708: improper HTML escaping in the math plugin can lead to XSS (bsc#1264751). * CVE-2026-44896: improper escaping in `render_figure` can lead to attribute injection and XSS (bsc#1264754). * CVE-2026-44897: improper sanitization of user-controlled input in `HTMLRenderer.heading` can lead to XSS (bsc#1264750). * CVE-2026-44898: improper sanitization of user-supplied HTML input in `render_toc_ul` can lead to XSS (bsc#1265052).

Topics%20covered

Topics Covered

security advisory denial of service SuSE XSS important python-mistune

References

* bsc#1264347

* bsc#1264750

* bsc#1264751

* bsc#1264752

* bsc#1264754

* bsc#1265052

* bsc#1265053

Cross-

* CVE-2026-33079

* CVE-2026-33441

* CVE-2026-44708

* CVE-2026-44896

* CVE-2026-44897

* CVE-2026-44898

* CVE-2026-44899

CVSS scores:

* CVE-2026-33079 ( SUSE ): 8.7

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

* CVE-2026-33079 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2026-33079 ( NVD ): 8.7

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

* CVE-2026-33441 ( SUSE ): 8.7

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:21858-1
Release Date: 2026-05-28T12:08:36Z
Rating: important

Topics%20covered

Topics Covered

security advisory denial of service SuSE XSS important python-mistune

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here