CVE-2026-40890: Out-of-bounds Read in Gomarkdown Markdown

CWE-125: Out-of-bounds Read (1 document, 1 source)

Severity: HIGH (no vector)
EPSS: No EPSS data
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 14

Description

Go Markdown has an Out-of-bounds Read in SmartypantsRenderer

### Summary

Processing a malformed input containing a `` character anywhere in the remaining text with a SmartypantsRenderer leads to an out-of-bounds read or a panic.

### Details

The `smartLeftAngle()` function in `html/smartypants.go:367-376` performs an out-of-bounds slice operation when processing a `` character anywhere in the remaining text.

https://github.com/gomarkdown/markdown/blob/37c66b85d6ab025ba67a73ba03b7f3ef55859cca

Affected Packages (1 package)

Go: github.com/gomarkdown_markdown < 0.0.0-20260411013819-759bbc3e3207

Vulnerability Details (1)

GHSA: Go Markdown has an Out-of-bounds Read in SmartypantsRenderer (2026-04-14)