CVE-2026-41159— Mermaid: Improper sanitization of configuration leads to CSS injection
Possible ATT&CK Techniques 1AI
T1059 · Command and Scripting InterpreterAffected Version Matrix 2
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| mermaid-js | mermaid | >= 11.0.0-alpha.1, < 11.15.0 | affected |
< 10.9.6 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-41159
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Mermaid: Improper sanitization of configuration leads to CSS injection
Source: NVD (National Vulnerability Database)
Vulnerability Description
Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, Mermaid's default configuration allows injecting CSS that applies outside of the Mermaid diagram via the fontFamily, themeCSS, and altFontFamily configuration options. The injected CSS exploits stylis's & (scope reference) handling. :not(&) escapes the #mermaid-xxx automatic scoping, applying styles to all page elements. Global at-rules (@font-face, @keyframes, @counter-style) are also injectable as stylis hoists them to top level. This allows page defacement and DOM attribute exfiltration via CSS :has() selectors. This vulnerability is fixed in 10.9.6 and 11.15.0.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Source: NVD (National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| mermaid-js | mermaid | >= 11.0.0-alpha.1, < 11.15.0 | - |
II. Public POCs for CVE-2026-41159
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-41159
请登录查看更多情报信息。
Patches & Fixes for CVE-2026-41159 (1)
- 🔗 Page not found · GitHub · GitHubx_refsource_MISC
Vendor Advisories for CVE-2026-41159 (1)
Vendor Pages for CVE-2026-41159 (2)
- 🔗 Release v10.9.6 · mermaid-js/mermaid · GitHubx_refsource_MISC
- 🔗 Release mermaid@11.15.0 · mermaid-js/mermaid · GitHubx_refsource_MISC
IV. Related Vulnerabilities
Same product: mermaid
- CVE-2026-41150
Mermaid Gantt Charts are vulnerable to an Infinite Loop DoS - CVE-2026-41149
Mermaid: Improper sanitization of `classDef` in state diagra - CVE-2026-41148
Mermaid: Improper sanitization of `classDefs` in diagrams le - CVE-2025-54881
Mermaid improperly sanitizes of sequence diagram labels lead - CVE-2025-54880
Mermaid does not properly sanitize architecture diagram icon
Same vendor: mermaid-js
- CVE-2026-41150
Mermaid Gantt Charts are vulnerable to an Infinite Loop DoS - CVE-2026-41149
Mermaid: Improper sanitization of `classDef` in state diagra - CVE-2026-41148
Mermaid: Improper sanitization of `classDefs` in diagrams le - CVE-2025-54881
Mermaid improperly sanitizes of sequence diagram labels lead - CVE-2025-54880
Mermaid does not properly sanitize architecture diagram icon
Same weakness: CWE-94
- CVE-2026-44287
FastGPT: sandbox escape to RCE - code-sandbox regex /\bimpor - CVE-2026-45697
Formie: Pre-authenticated server-side template injection in - CVE-2026-44698
Home Assistant: Cross-origin iframe access token exfiltratio - CVE-2026-45555
Roslyn CodeLens MCP Server: Untrusted Roslyn Analyzer Execut - CVE-2026-43898
SandboxJS: Sandbox escape via Function.caller leakage of int
V. Comments for CVE-2026-41159
No comments yet