๐Ÿ” CVE Alert

CVE-2026-46338

MEDIUM 4.3

PyMdown Extensions: Regression in pymdownx.snippets reintroduces sibling-prefix path traversal bypass despite restrict_base_path

CVSS Score
4.3
EPSS Score
0.0%
EPSS Percentile
0th

PyMdown Extensions is a set of extensions for the Python-Markdown markdown project. From 10.0.1 until 10.21.3, pymdownx.snippets uses a string-prefix containment check in SnippetPreprocessor.get_snippet_path() in pymdownx/snippets.py when `restrict_base_path: True`, allowing markdown snippet directives to read files from sibling paths that share the same base_path prefix, such as docs and docs_internal. This is a regression of CVE-2023-32309. This issue is fixed in version 10.21.3.

CWE CWE-22
Vendor facelessuser
Product pymdown-extensions
Published Jul 16, 2026
Stay Ahead of the Next One

Get instant alerts for facelessuser pymdown-extensions

Be the first to know when new medium vulnerabilities affecting facelessuser pymdown-extensions are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Affected Versions

facelessuser / pymdown-extensions
>= 10.0.1, < 10.21.3

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
github.com: https://github.com/facelessuser/pymdown-extensions/security/advisories/GHSA-62q4-447f-wv8h github.com: https://github.com/facelessuser/pymdown-extensions/commit/63b7835776d703d6c339cf2110d9888f676efc0c github.com: https://github.com/facelessuser/pymdown-extensions/releases/tag/10.21.3