Description
Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, Mermaid's default configuration allows injecting CSS that applies outside of the Mermaid diagram via the fontFamily, themeCSS, and altFontFamily configuration options. The injected CSS exploits stylis's & (scope reference) handling. :not(&) escapes the #mermaid-xxx automatic scoping, applying styles to all page elements. Global at-rules (@font-face, @keyframes, @counter-style) are also injectable as stylis hoists them to top level. This allows page defacement and DOM attribute exfiltration via CSS :has() selectors. This vulnerability is fixed in 10.9.6 and 11.15.0.
Published: 2026-05-29
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Mermaid accepts configuration values that influence the appearance of its diagrams. In versions prior to 10.9.6 and 11.15.0, the default configuration permits the injection of CSS through the fontFamily, themeCSS, and altFontFamily options. This unsanitized CSS is processed by stylis, which can expose the styling instructions beyond the diagram’s scope, enabling style injection that can modify arbitrary page elements, define global @font-face or @keyframes rules, and exploit CSS :has() selectors for data exfiltration. The result is the ability to deface the page or extract attribute values, compromising the visual integrity and potentially the confidentiality of page content.

Affected Systems

The vulnerability affects the Mermaid JavaScript diagramming library. Versions earlier than 10.9.6 (any 10.x release) and earlier than 11.15.0 (any 11.x release) are impacted. Upgrading to 10.9.6 or later on the 10.x line, or to 11.15.0 or later on the 11.x line, eliminates the flaw.

Risk and Exploitability

The CVSS score of 5.3 places the issue in the medium severity range. EPSS is unavailable, and the vulnerability is not listed in CISA KEV, indicating no known widespread exploitation. The likely attack vector is via an untrusted Mermaid configuration supplied to the rendering engine, such as through user‑generated Mermaid source embedded on a web page. An attacker would need to supply malicious configuration to trigger the injection, after which the injected CSS can deface the page or exfiltrate attribute data. While the vulnerability does not provide arbitrary code execution, the impact on trust and visual integrity is significant for applications that rely on Mermaid.

Generated by OpenCVE AI on May 29, 2026 at 15:43 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Mermaid library to version 10.9.6 or later, or 11.15.0 or later to apply the fix.
  • If updating is not immediately possible, disable or sanitize the fontFamily, themeCSS, and altFontFamily configuration options before passing data to Mermaid.
  • Validate and sanitize any user‑supplied Mermaid configuration input to remove or neutralize CSS injection attempts.
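One way to carry out the second and third recommendations above is to validate the three CSS-bearing options before an untrusted config object ever reaches mermaid.initialize(). The code below is an added example written for this page, not Mermaid's own code or a vendor-supplied workaround. The option names (fontFamily, altFontFamily, themeCSS) are the real Mermaid ones; the allow and deny policy is an assumption chosen to be conservative: font options may only contain a plain font stack, and themeCSS may not contain stylis scope references (&), at-rules (@), :not()/:has() selectors, or url(). Rejected options are dropped so Mermaid falls back to its built-in defaults, and the reasons are returned for logging. The sample inputs are constructed.

```javascript
// Added example (not Mermaid's code): pre-validation of the CSS-bearing
// Mermaid config options named in the advisory. Run it server-side or in the
// page before handing an untrusted config to mermaid.initialize().

// fontFamily / altFontFamily: allow only an ordinary font stack such as
// "Inter, 'Helvetica Neue', sans-serif". No braces, semicolons, '&', '@',
// parentheses or slashes, so the value cannot close the declaration it is
// interpolated into. (Policy is an assumption of this example.)
const FONT_STACK_RE = /^[A-Za-z0-9 ,'"\-]+$/;
const FONT_STACK_MAX = 200;

// themeCSS deny-list. The advisory names '&' (stylis scope reference),
// hoisted at-rules and :has() as the primitives involved; :not() and url()
// are blocked here as a conservative choice of this example.
const THEME_CSS_DENY = [
  { name: "scope reference (&)", re: /&/ },
  { name: "at-rule (@)", re: /@/ },
  { name: ":has() selector", re: /:has\s*\(/i },
  { name: ":not() selector", re: /:not\s*\(/i },
  { name: "url() reference", re: /url\s*\(/i },
];

// Returns { ok: true } or { ok: false, reason }.
function checkFontFamily(value) {
  if (value === undefined) return { ok: true };
  if (typeof value !== "string" || value.length > FONT_STACK_MAX || !FONT_STACK_RE.test(value)) {
    return { ok: false, reason: "must be a plain font stack" };
  }
  return { ok: true };
}

// Returns { ok: true } or { ok: false, reason }.
function checkThemeCSS(value) {
  if (value === undefined) return { ok: true };
  if (typeof value !== "string") return { ok: false, reason: "must be a string" };
  for (const rule of THEME_CSS_DENY) {
    if (rule.re.test(value)) return { ok: false, reason: `contains ${rule.name}` };
  }
  return { ok: true };
}

// Returns { config, rejected }: a shallow copy of the input with any failing
// option removed (so Mermaid's defaults apply) and a list of reasons.
function sanitizeMermaidConfig(config) {
  const out = { ...config };
  const rejected = [];
  for (const key of ["fontFamily", "altFontFamily"]) {
    const r = checkFontFamily(out[key]);
    if (!r.ok) { rejected.push(`${key}: ${r.reason}`); delete out[key]; }
  }
  const t = checkThemeCSS(out.themeCSS);
  if (!t.ok) { rejected.push(`themeCSS: ${t.reason}`); delete out.themeCSS; }
  return { config: out, rejected };
}

// Constructed sample configs (not taken from the advisory).
const SAMPLE_BENIGN = {
  theme: "default",
  fontFamily: "Inter, 'Helvetica Neue', sans-serif",
  themeCSS: ".node rect { fill: #eee; }",
};
const SAMPLE_ABUSIVE = {
  fontFamily: "Arial; } :not(&) { color: red }",
  themeCSS: "@font-face { font-family: x; src: url(http://example.invalid/f) }",
};

if (typeof require !== "undefined" && require.main === module) {
  console.log(sanitizeMermaidConfig(SAMPLE_BENIGN));
  console.log(sanitizeMermaidConfig(SAMPLE_ABUSIVE));
}

module.exports = { checkFontFamily, checkThemeCSS, sanitizeMermaidConfig, SAMPLE_BENIGN, SAMPLE_ABUSIVE };
```

Pass `sanitizeMermaidConfig(untrusted).config` to mermaid.initialize() and log `rejected`; a non-empty list is a useful detection signal for attempted injection. Dropping rather than escaping is deliberate: the safe behaviour is Mermaid's default, and the upgrade remains the actual fix.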


Advisories
Source: GitHub GHSA
ID: GHSA-87f9-hvmw-gh4p
Title: Mermaid: Improper sanitization of configuration leads to CSS injection
History

Fri, 29 May 2026 17:30:00 +0000

Type: Metrics (ssvc)
Values added: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 29 May 2026 14:45:00 +0000

Type: Description
Values added: (the CVE description quoted at the top of this page)
Type: Title
Values added: Mermaid: Improper sanitization of configuration leads to CSS injection
Type: Weaknesses
Values added: CWE-94
Type: References
Values added: (not shown)
Type: Metrics (cvssV4_0)
Values added: {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-29T15:02:56.459Z

Reserved: 2026-04-17T16:34:45.524Z

Link: CVE-2026-41159

Vulnrichment

Updated: 2026-05-29T15:02:48.026Z

NVD

Status : Awaiting Analysis

Published: 2026-05-29T15:16:22.813

Modified: 2026-05-29T16:25:57.843

Link: CVE-2026-41159

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-29T15:45:16Z

Weaknesses