HomeCVE Intelligence › CVE-2026-33441
CVSS 7.5 HIGH Vulnerability

CVE-2026-33441: Mistune has a Denial-of-Service (DoS) vulnerability

Summary Denial-of-Service (DoS) vulnerability in the Mistune Markdown parser. The issue occurs when processing specially crafted reference links, which can cause excessive parsing and CPU consumption, leading to applica…

7.5CVSS Score
HIGHSeverity
NOCISA KEV
VulnerabilityImpact Type

📋 Vulnerability Details

CVE IDCVE-2026-33441
Vendorpip
Affected Productmistune
Vulnerability TypeVulnerability
CVSS Score7.5 (HIGH)
Actively Exploited❌ No known exploitation
Patch StatusSee Vendor Advisory →
Reported ByCYBERDUDEBIVASH SENTINEL APEX Intelligence (via github_advisories)

🔬 Technical Analysis

#

Summary

Denial-of-Service (DoS) vulnerability in the Mistune Markdown parser. The issue occurs when processing specially crafted reference links, which can cause excessive parsing and CPU consumption, leading to application hangs. Function affected: parse_link_title() in helpers.py Issue: Malformed reference links cause excessive backtracking and parsing loops. Impact: Remote attackers can submit malicious Markdown to hang processes, causing service unavailability.

Details

`` Name: mistune Version: 3.2.0 Python version: Python 3.13.9 PIP version: pip 25.2 OS: Kali-linux-VERSION="2025.4" `

PoC

`` import mistune import base64 print("Exploit started....!") data = base64.b64decode( "WX5Efn5+RH5+fkRbIVt6XQoKW3q7XTpdOgoifn5+RFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxc

📚 Advisory References

⚡ DETECTION RULES AVAILABLE

Get CVE-2026-33441 Detection Pack

Sigma rules, YARA signatures, IOC table, and SIEM queries for Splunk, Elastic, Sentinel, and Chronicle — deployable in 5 minutes.

✓ Sigma Rules ✓ YARA Pack ✓ IOC Table ✓ SIEM Queries
🛡️ Get Detection Pack → 🔌 Access via API →

🔗 Related Intelligence