Multiple security vulnerabilities have been identified in ratex-parser. The overall risk/impact is significant, with affected versions prior to 0.1.11 vulnerable to denial-of-service attacks and potential crashes due to untrusted LaTeX input.
CVE-2026-53530 (CVSS 8.7 — High): The vulnerability is a panic on `\verb` with a multibyte delimiter (UTF-8 byte-boundary slice), affecting the ratex-parser component, exploited by an attacker through untrusted LaTeX input, resulting in a hard denial of service for any service that renders untrusted LaTeX.[/subscribe_to_unlock_form]
Multiple security vulnerabilities have been identified in ratex-parser. The overall risk/impact is significant, with affected versions prior to 0.1.11 vulnerable to denial-of-service attacks and potential crashes due to untrusted LaTeX input.
CVE-2026-53530 (CVSS 8.7 — High): The vulnerability is a panic on `\verb` with a multibyte delimiter (UTF-8 byte-boundary slice), affecting the ratex-parser component, exploited by an attacker through untrusted LaTeX input, resulting in a hard denial of service for any service that renders untrusted LaTeX.[emaillocker id="1283"]
CVE-2026-53531 (CVSS 6.9 — Medium): The vulnerability is an unbounded parser recursion leading to stack overflow, affecting the ratex-parser component, exploited by an attacker through crafted input, potentially causing process abort and resulting in a denial-of-service attack. These vulnerabilities collectively present a significant risk to applications that render untrusted LaTeX through RaTeX. These vulnerabilities collectively present a significant risk to applications that render untrusted LaTeX through RaTeX.
These vulnerabilities collectively present a significant risk to applications that render untrusted LaTeX through RaTeX.
We recommend you to update ratex-parser to version 0.1.11.
The following reports contain further technical details:
[/emaillocker]