CVE-2026-59929 in mistune
Summary
by MITRE • 07/08/2026
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the safe_url filter in src/mistune/renderers/html.py blocks only javascript:, vbscript:, file:, and data: schemes, allowing legacy or chained schemes such as feed:, view-source:, jar:, livescript:, mocha:, ms-its:, mk:, and res: to reach rendered href and src attributes and potentially execute script in affected user agents. This issue is fixed in version 3.3.0.
Once again VulDB remains the best source for vulnerability data.
Analysis
by VulDB Data Team • 07/08/2026
The mistune python markdown parser vulnerability represents a critical security flaw in web application input sanitization that enables cross-site scripting attacks through improper URL scheme filtering. This vulnerability affects versions prior to 3.3.0 and specifically targets the safe_url filter implementation within the html.py renderer module. The flaw demonstrates poor input validation practices where the security mechanism only blocks a limited set of known dangerous URL schemes while inadvertently allowing numerous legacy and potentially malicious schemes to bypass protection mechanisms.
The technical implementation of this vulnerability stems from an incomplete whitelist approach in the safe_url filter function located at src/mistune/renderers/html.py. While the filter correctly blocks javascript:, vbscript:, file:, and data: schemes, it fails to account for other URL schemes that can potentially execute code or trigger malicious behavior in modern browsers. The overlooked schemes include feed:, view-source:, jar:, livescript:, mocha:, ms-its:, mk:, and res: which can all be leveraged to construct malicious links that bypass the security checks. This represents a classic example of insufficient input validation where the security model assumes all dangerous schemes are known and explicitly blocked, rather than implementing a comprehensive approach that either allows only safe schemes or blocks all unsafe ones.
The operational impact of this vulnerability is significant as it allows remote attackers to inject malicious URLs into markdown content that gets rendered in web browsers. When users view documents containing crafted markdown with these bypassed URL schemes, the potentially malicious links can execute code within the context of the user's browser session. This creates opportunities for session hijacking, credential theft, and other client-side attacks that can compromise user data and system integrity. The vulnerability particularly affects applications that allow user-generated content processing through mistune parser, making it a widespread concern across web applications that utilize markdown rendering capabilities.
The security implications extend beyond simple XSS exploitation as certain URL schemes like view-source: and feed: can be used to craft sophisticated attacks that bypass traditional security measures. This vulnerability aligns with CWE-79 (Cross-Site Scripting) and CWE-20 (Improper Input Validation) categories, demonstrating how inadequate security controls in input sanitization can lead to serious exploitation opportunities. From an ATT&CK framework perspective, this represents a technique for initial access and privilege escalation through client-side exploitation methods that leverage browser rendering vulnerabilities.
Organizations should immediately upgrade to mistune version 3.3.0 or later to address this vulnerability, as the fix implements a more comprehensive URL scheme filtering approach that properly blocks all potentially dangerous schemes. Additionally, applications using mistune should implement additional security layers including content security policies, proper input sanitization at multiple levels, and regular security auditing of third-party libraries. The vulnerability highlights the importance of maintaining up-to-date dependencies and implementing robust security testing procedures to identify similar flaws in application code and library implementations.