Description
Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Versions 10.9.5 and prior, in addition to 11.0.0-alpha.1 through 11.12.0 are vulnerable to CSS injection through improper sanitization. The state diagram (and any other diagram type that routes user-controlled style strings through the createCssStyles parser) captures classDef values using an unrestricted regex that matches everything up to a newline. That value then flows unsanitized through addStyleClass() into createCssStyles() and is assigned to style.innerHTML, so a closing brace (}) in the value terminates the generated CSS selector and turns everything after it into a new CSS rule on the page. This enables page defacement, user tracking via url() callbacks, and DOM attribute exfiltration. This issue has been fixed in versions 10.9.6 and 11.15.0. If developers are unable to immediately upgrade, they can work around this issue by setting "securityLevel": "sandbox", which prevents the issue by rendering the mermaid diagram in a sandboxed <iframe>.
Published: 2026-05-22
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Affected Mermaid versions allow injection of arbitrary CSS via the classDef directive. The bug stems from a regex that accepts any characters up to a newline, so an unsanitized style string is written into the page's DOM as CSS. This can deface the user interface, embed tracking callbacks, and exfiltrate DOM attributes. The vulnerability is a form of code injection described by CWE-94, leading to potential compromise of the page's integrity and confidentiality.

Affected Systems

The issue affects mermaid-js:mermaid in versions 10.9.5 and earlier, as well as releases 11.0.0-alpha.1 through 11.12.0. This includes all applications that embed Mermaid diagrams from untrusted input unless they upgrade to the fixed releases 10.9.6 or 11.15.0.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity; no EPSS score is available, and it is not currently listed in the CISA KEV catalog. Attackers can exploit the flaw by supplying crafted Mermaid syntax that contains a closing brace and additional CSS, which can be delivered through any interface accepting diagram text, such as an editor or API. The vulnerability is mitigated by upgrading to a patched version or configuring the diagram engine with securityLevel set to sandbox, which renders the diagram in an isolated iframe and blocks the injection.

Generated by OpenCVE AI on May 22, 2026 at 23:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Mermaid library to a fixed release (10.9.6 on the 10.x line, 11.15.0 on the 11.x line) to pick up the CSS injection fix.
  • If upgrading is not immediately possible, configure Mermaid with "securityLevel":"sandbox" so diagrams are rendered in a sandboxed iframe.
  • Review all applications that generate or render Mermaid diagrams from untrusted input, ensuring the input is validated or sanitized to prevent injection of classDef styles.
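The following is an added example, not Mermaid's or OpenCVE's code: a simplified model of the style-string data flow the description outlines (a classDef value concatenated into a CSS rule, so a `}` closes the rule early) beside an allow-list validator that implements the input check in the last recommended action. The function names and the sample diagram are assumptions constructed for this example.

```javascript
// Added example, not Mermaid's own code. Function names (buildRuleUnsafe,
// buildRuleSafe, scanDiagramForUnsafeClassDef) and the sample diagram are
// assumptions constructed for this illustration.

// Mermaid classDef line shape: "classDef <name> <prop:value,prop:value,...>"
const CLASSDEF_LINE = /^\s*classDef\s+(\S+)\s+(.*)$/;

// Simplified reconstruction of the vulnerable data flow: the raw value is
// concatenated into the rule, so "}" inside it starts a new top-level rule.
function buildRuleUnsafe(className, styleValue) {
  return `.${className} { ${styleValue.split(',').join('; ')} }`;
}

// Conservative allow-list for one declaration: "property:value" with only the
// characters typical classDef styles need (hex colours, lengths, keywords).
const SAFE_DECL = /^[a-zA-Z-]+\s*:\s*[a-zA-Z0-9#%.\s-]+$/;

// Hardened variant: reject any class name or declaration that could close the
// rule, open a new one, or reference an external resource via url(...).
function buildRuleSafe(className, styleValue) {
  if (!/^[a-zA-Z0-9_-]+$/.test(className)) throw new Error('rejected class name');
  const decls = styleValue.split(',').map((d) => d.trim()).filter(Boolean);
  for (const d of decls) {
    if (!SAFE_DECL.test(d)) throw new Error(`rejected style declaration: ${d}`);
  }
  return `.${className} { ${decls.join('; ')} }`;
}

// Pre-render scan of diagram text from untrusted sources: reports classDef
// lines whose value carries rule-breaking characters or a url() reference.
function scanDiagramForUnsafeClassDef(diagramText) {
  const findings = [];
  diagramText.split('\n').forEach((line, idx) => {
    const m = CLASSDEF_LINE.exec(line);
    if (m && /[{}<>;]|url\s*\(/i.test(m[2])) {
      findings.push({ line: idx + 1, className: m[1] });
    }
  });
  return findings;
}

// Constructed sample: one benign classDef and one carrying the "}" break-out.
const SAMPLE_DIAGRAM = [
  'stateDiagram-v2',
  '    [*] --> Active',
  '    classDef ok fill:#f9f,stroke:#333,stroke-width:2px',
  '    classDef bad fill:#f00} .x{color:red}',
  '    class Active ok',
].join('\n');
```

The validator only covers the classDef path; the sandboxed-iframe setting named in the advisory remains the page-level mitigation while a fixed release is rolled out.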



Advisories

Source: GitHub GHSA
ID: GHSA-xcj9-5m2h-648r
Title: Mermaid: Improper sanitization of `classDefs` in diagrams leads to CSS injection
History

Fri, 22 May 2026 22:30:00 +0000

Values removed: none

Values added:
Description: the CVE description shown above
Title: Mermaid: Improper sanitization of `classDefs` in diagrams leads to CSS injection
Weaknesses: CWE-94
References: none listed
Metrics: cvssV4_0, score 5.3, vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L



MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-22T22:03:50.872Z

Reserved: 2026-04-17T12:59:15.739Z

Link: CVE-2026-41148

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-22T23:30:03Z

Weaknesses