Medium6.1Red Hat Linux Updated
Arbitrary code execution through crafted Markdown links
CVE-2026-59923 Published Jul 8, 2026Updated by vendor Jul 8, 2026
Affected products & platforms
Red Hat LinuxUnclassified
Summary
Arbitrary code execution through crafted Markdown links. Red Hat rates this moderate (CVSS 6.1). Weakness: CWE-79.
Affected versions
- < 3.3.0
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Mitigation checklist
Recommended fix / mitigation
- Applications that render user-supplied Markdown with mistune can pass the HTML output through a dedicated HTML sanitizer such as bleach or nh3 before serving it to users. This removes dangerous URI schemes regardless of encoding.
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.