CVE-2026-44898: Mistune TOC Anchor Injection XSS

Overview

Severity
Medium (CVSS 6.1)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P
Exploit Status
Not Exploited
Patch Tuesday
2026-May
Released
2026-05-28
Last Updated
2026-06-02
EPSS Score
0.23% (percentile: 13.5%)

Affected Products (1)

Open Source Software

  • azl3 python-mistune 3.0.2-1 on Azure Linux 3.0

Revision History

  • 2026-05-28: Information published.
  • 2026-06-02: Information published.