Medium5.4Red Hat Linux Updated
Cross-Site Scripting via unescaped HTML class attribute in Admonition directive
CVE-2026-59926 Published Jul 8, 2026Updated by vendor Jul 8, 2026
Affected products & platforms
Red Hat LinuxUnclassified
Summary
Cross-Site Scripting via unescaped HTML class attribute in Admonition directive. Red Hat rates this moderate (CVSS 5.4). Weakness: CWE-79.
Affected versions
- < 3.2.1
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Mitigation checklist
Recommended fix / mitigation
- To mitigate this issue, avoid processing untrusted or unvalidated Markdown content with affected versions of the Mistune library. Implement robust input validation and sanitization for any user-provided Markdown before rendering to prevent the injection of malicious attributes or scripts.
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.