CVE ReportsCVE-2026-49851: Algorithmic Complexity Denial of Service in Mistune Markdown...
Vulnerability ID: CVE-2026-49851
CVSS Score: 7.5
Published: 2026-07-09
CVE-2026-49851 is a high-severity algorithmic complexity vulnerability in the Mistune Markdown parser. Under specific conditions involving dense, unmatched nesting of opening square brackets, the parser fallback loops degrade from linear execution time to a worst-case quadratic complexity. This allows unauthenticated remote attackers to trigger complete CPU exhaustion and subsequent Denial of Service with a highly compact payload.
An algorithmic complexity degradation in the Mistune Markdown parser allows unauthenticated remote attackers to exhaust CPU resources and cause a persistent denial of service via malformed nested bracket sequences.
3.3.0)First optimization sweep aiming to skip scanned bracket positions on parsing failure.
Implemented high-water mark optimization tracking no_close_bracket_before limits.
Complete architecture rewrite implementing the linear bracket map cache.
Remediation Steps:
Read the full report for CVE-2026-49851 on our website for more details including interactive diagrams and full exploit analysis.