2 matches found
CVE-2026-41149
CVE-2026-41149 affects Mermaid state diagrams via improper sanitization of the classDef directive, allowing DOM injection that can escape the SVG context. Concrete details: vulnerable in Mermaid versions ≤10.9.5 and 11.0.0-alpha.1–11.14.0; fixed in 10.9.6 and 11.15.0. The issue is mitigated by st...
@8btc/excalidraw (>=0.18.0-beta.0 <=0.18.0-beta.4), @airmix/mcp-excalidraw-server (=1.0.6) +252 more potentially affected by CVE-2026-41149 via mermaid (>=0.2.16 <=10.9.5)
mermaid NPM version =0.2.16, =0.18.0-beta.0, =0.17.0-alkemio-1, =1.0.0, =0.18.3, =0.18.0, =0.0.1-BETA, =0.18.1, =1.1.4, =0.17.1, =0.0.19, =3.0.0, =0.0.12, =1.0.1, =1.5.0-rc3 and more Source cves: CVE-2026-41149 Source advisory: SNYK:JS-MERMAID-16642050...