Description
PyMdown Extensions is a set of extensions for the Python-Markdown markdown project. From 10.0.1 until 10.21.3, pymdownx.snippets uses a string-prefix containment check in SnippetPreprocessor.get_snippet_path() in pymdownx/snippets.py when `restrict_base_path: True`, allowing markdown snippet directives to read files from sibling paths that share the same base_path prefix, such as docs and docs_internal. This is a regression of CVE-2023-32309. This issue is fixed in version 10.21.3.
Published: 2026-07-16
Score: 4.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-62q4-447f-wv8h Regression in pymdownx.snippets reintroduces sibling-prefix path traversal bypass despite restrict_base_path
History

Thu, 16 Jul 2026 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Facelessuser
Facelessuser pymdown Extensions
Vendors & Products Facelessuser
Facelessuser pymdown Extensions

Thu, 16 Jul 2026 18:45:00 +0000

Type Values Removed Values Added
Description PyMdown Extensions is a set of extensions for the Python-Markdown markdown project. From 10.0.1 until 10.21.3, pymdownx.snippets uses a string-prefix containment check in SnippetPreprocessor.get_snippet_path() in pymdownx/snippets.py when `restrict_base_path: True`, allowing markdown snippet directives to read files from sibling paths that share the same base_path prefix, such as docs and docs_internal. This is a regression of CVE-2023-32309. This issue is fixed in version 10.21.3.
Title PyMdown Extensions: Regression in pymdownx.snippets reintroduces sibling-prefix path traversal bypass despite restrict_base_path
Weaknesses CWE-22
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N'}


Subscriptions

Facelessuser Pymdown Extensions
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-07-16T18:24:18.155Z

Reserved: 2026-05-13T18:37:30.990Z

Link: CVE-2026-46338

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-16T19:30:05Z

Weaknesses