Medium6.1Red Hat Linux Updated
Cross-site scripting via incomplete URL scheme filtering
CVE-2026-59929 Published Jul 8, 2026Updated by vendor Jul 8, 2026
Affected products & platforms
Red Hat LinuxUnclassified
Summary
Cross-site scripting via incomplete URL scheme filtering. Red Hat rates this moderate (CVSS 6.1). Weakness: CWE-79.
Affected versions
- < 3.3.0
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Mitigation checklist
Recommended fix / mitigation
- No dedicated mitigation is available beyond upgrading to Mistune 3.3.0 or later, which fully blocks all dangerous URL schemes in the safe_url filter. As a temporary workaround, applications can wrap Mistune output in an additional allow-list-based URL sanitizer before rendering untrusted Markdown content, or avoid rendering Markdown from untrusted/attacker-controlled sources.
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.