GHSA-xcj9-5m2h-648r

Source
https://github.com/advisories/GHSA-xcj9-5m2h-648r
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-xcj9-5m2h-648r/GHSA-xcj9-5m2h-648r.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-xcj9-5m2h-648r
Aliases
  • CVE-2026-41148
Published
2026-05-11T19:36:41Z
Modified
2026-05-11T19:49:01.357085Z
Severity
  • 5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L
Summary
Mermaid: Improper sanitization of `classDefs` in diagrams leads to CSS injection
Details

In Mermaid v11.14.0 and earlier, the state diagram parser (and any other diagram type that routes user-controlled style strings through createCssStyles) captures classDef values with an unrestricted regex:

// packages/mermaid/src/diagrams/state/parser/stateDiagram.jison:83
<CLASSDEFID>[^\n]*   { this.popState(); return 'CLASSDEF_STYLEOPTS' }

The value passes unsanitized through addStyleClass() -> createCssStyles() -> style.innerHTML (mermaidAPI.ts:418). A } in the value closes the generated CSS rule for the class selector, and everything after it becomes a new CSS rule on the page.

PoC

stateDiagram-v2 
      classDef x }*{ background-image: url("http://media.giphy.com/media/SggILpMXO7Xt6/giphy.gif")}

Live demo: https://mermaid.live/edit#pako:eNpFjzFvgzAQhf-KdVNbEcBgMHhtlkqtOnSJKi8ONsYKBmRMlRTx3-skanvTfbp7996t0IxSAYPZC6_2Rmgn7O4rQ00v5nmvWnRG29OKjqI5aTcug9wZK7RiaHH9A4fO-4kliVXSiFibqbvEzWjvnHxo_fI6vR3e6cGXyX2qTcvhcYMItDMSmHeLisAqZ8UVYeUDQhx8p6ziwEIrhTtx4MNVM4nhcxztrywE0h2wVvRzoGWS_z_8rahBKvcckntgmN5OAFvhDIzUNCZZQXCR5nVaZkUEF2BVFpOcEkoxxhUuyRbB980yjStapKHqoKFlhvPtB7BFZEU
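The break-out described above, and a pre-render check that would stop it, as an added example that is not Mermaid's code: the rule template and the function names are assumptions, and the sample values are constructed (the injected one mirrors the PoC's shape but points at a placeholder host).

```javascript
// Added example (not Mermaid's code): a minimal model of how a classDef
// style string is interpolated into a generated <style> rule, plus a
// defensive validator that rejects values able to break out of the rule.
// Function names and the rule template are assumptions for illustration.

// Hypothetical model of rule generation: the style string is placed
// verbatim inside the declaration block, as the advisory describes.
function buildClassRule(diagramId, className, styleOpts) {
  return `#${diagramId} .${className} { ${styleOpts} }`;
}

// Number of closing braces in the generated text. A sanitized value
// yields exactly one; an injected "}" makes the browser see extra rules.
function countRuleClosers(css) {
  return (css.match(/\}/g) || []).length;
}

// Allow-list check for classDef style options: comma- or semicolon-
// separated `property:value` pairs, no braces, no comment or at-rule
// openers, and no url() so the value cannot trigger outbound requests.
const DECLARATION = /^[a-zA-Z-]+\s*:\s*[^{};@]+$/;
function isSafeStyleOpts(styleOpts) {
  if (/[{}]/.test(styleOpts) || /\/\*|url\s*\(/i.test(styleOpts)) return false;
  return styleOpts
    .split(/[,;]/)
    .map((d) => d.trim())
    .filter((d) => d !== '')
    .every((d) => DECLARATION.test(d));
}

// Guarded variant: validate before the value can reach the stylesheet.
function renderClassDefRule(diagramId, className, styleOpts) {
  if (!isSafeStyleOpts(styleOpts)) {
    throw new Error(`rejected unsafe classDef style for "${className}"`);
  }
  return buildClassRule(diagramId, className, styleOpts);
}

// Constructed sample values: a normal classDef and one shaped like the
// advisory's PoC, pointing at a placeholder host.
const SAFE_OPTS = 'fill:#f9f,stroke:#333,stroke-width:2px';
const INJECTED_OPTS = '}*{ background-image: url("https://example.invalid/t.gif")}';
```

Running the unguarded model on INJECTED_OPTS yields three closing braces in the generated text instead of one, which is exactly the extra rule the browser will apply; the guarded variant throws before any CSS is emitted.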

Patches

This has been patched in:

Workarounds

Setting "securityLevel": "sandbox" prevents this by rendering the Mermaid diagram in a sandboxed <iframe>.

Impact

Enables page defacement, user tracking via url() callbacks, and DOM attribute exfiltration via CSS :has() selectors.

Database specific
{
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-11T19:36:41Z",
    "cwe_ids": [
        "CWE-94"
    ],
    "severity": "MODERATE",
    "nvd_published_at": null
}
References

Affected packages

npm / mermaid

Affected ranges (SEMVER)
Introduced: 11.0.0-alpha.1
Fixed: 11.15.0

Database specific
source: "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-xcj9-5m2h-648r/GHSA-xcj9-5m2h-648r.json"
last_known_affected_version_range: "<= 11.14.0"

npm / mermaid

Affected ranges (SEMVER)
Introduced: 0 (unknown introduced version; all previous versions are affected)
Fixed: 10.9.6

Database specific
source: "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-xcj9-5m2h-648r/GHSA-xcj9-5m2h-648r.json"
last_known_affected_version_range: "<= 10.9.5"