CVE-2026-33079

high Red Hat
CVSS v3 Base Score
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
0.0%
Exploitation probability in 30 days
Top 94% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Confidentiality
None
Integrity
None
Availability
High
Published: May 6, 2026 (64 days ago)
Last Modified: May 6, 2026
Vendor: Red Hat
Source: REDHAT

Description

A flaw was found in Mistune, a Markdown parser. This vulnerability, known as Regular Expression Denial of Service (ReDoS), exists in the `LINK_TITLE_RE` regular expression. A remote attacker can exploit this by providing specially crafted Markdown input, which causes the regular expression engine to engage in catastrophic backtracking. This leads to significant CPU consumption, making applications that use Mistune unresponsive and resulting in a Denial of Service.

CWE

CWE-1333

Affected Products

Migration Toolkit for Applications 8Red Hat OpenShift AI (RHOAI)Red Hat Satellite 6

References