Description

The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering as HTML. Processing a malformed input containing a < character that is not followed by a > character anywhere in the remaining text with a SmartypantsRenderer will lead to Out of Bounds read or a panic. This vulnerability is fixed with commit 759bbc3e32073c3bc4e25969c132fc520eda2778.

INFO

Published Date :

2026-04-21T19:51:53.237Z

Last Modified :

2026-04-21T20:36:07.854Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-40890 vulnerability.

Vendors Products
Gomarkdown
  • Markdown
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-40890.

URL Resource
https://github.com/gomarkdown/markdown/commit/759bbc3e32073c3bc4e25969c132fc520eda2778 cve-icon cve-icon
https://github.com/gomarkdown/markdown/security/advisories/GHSA-77fj-vx54-gvh7 cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact