← Back
2026-05-29 13:53CVE-2026-41159GitHub_M
PUBLISHED5.2CWE-94

Mermaid: Improper sanitization of configuration leads to CSS injection

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, Mermaid's default configuration allows injecting CSS that applies outside of the Mermaid diagram via the fontFamily, themeCSS, and altFontFamily configuration options. The injected CSS exploits stylis's & (scope reference) handling. :not(&) escapes the #mermaid-xxx automatic scoping, applying styles to all page elements. Global at-rules (@font-face, @keyframes, @counter-style) are also injectable as stylis hoists them to top level. This allows page defacement and DOM attribute exfiltration via CSS :has() selectors. This vulnerability is fixed in 10.9.6 and 11.15.0.

Problem type

Affected products

mermaid-js

mermaid

>= 11.0.0-alpha.1, < 11.15.0 - AFFECTED

< 10.9.6 - AFFECTED

References

https://github.com/mermaid-js/mermaid/security/advisories/GHSA-87f9-hvmw-gh4p

https://github.com/mermaid-js/mermaid/security/advisories/GHSA-87f9-hvmw-gh4p

x_refsource_CONFIRM
https://github.com/mermaid-js/mermaid/commit/64769738d5b59211e1decb471ffbaca8afec51aahttps://github.com/mermaid-js/mermaid/commit/a9d9f0d8eb790349121508688cd338253fd80d76

https://github.com/mermaid-js/mermaid/commit/64769738d5b59211e1decb471ffbaca8afec51aahttps://github.com/mermaid-js/mermaid/commit/a9d9f0d8eb790349121508688cd338253fd80d76

x_refsource_MISC
https://github.com/mermaid-js/mermaid/releases/tag/mermaid@11.15.0

https://github.com/mermaid-js/mermaid/releases/tag/mermaid@11.15.0

x_refsource_MISC
https://github.com/mermaid-js/mermaid/releases/tag/v10.9.6

https://github.com/mermaid-js/mermaid/releases/tag/v10.9.6

x_refsource_MISC

GitHub Security Advisories

GHSA-87f9-hvmw-gh4p

Mermaid: Improper sanitization of configuration leads to CSS injection

https://github.com/advisories/GHSA-87f9-hvmw-gh4p

Impact

Mermaid's default configuration allows injecting CSS that applies outside of the Mermaid diagram via the fontFamily, themeCSS, and altFontFamily configuration options.

Live demo: mermaid.live

Example code:

%%{init: {"fontFamily": "x;a{b} :not(&){background:green !important} c{d}"}}%%
flowchart LR
    A --> B

The injected CSS exploits stylis's & (scope reference) handling. :not(&) escapes the #mermaid-xxx automatic scoping, applying styles to all page elements. Global at-rules (@font-face, @keyframes, @counter-style) are also injectable as stylis hoists them to top level.

This allows page defacement and DOM attribute exfiltration via CSS :has() selectors.

Patches

Workarounds

If you can't upgrade mermaid, you can set the secure config value in the mermaid config to avoid allowing diagrams to modify fontFamily, themeCSS, altFontFamily, and themeVariables.

Setting "securityLevel": "sandbox" will also prevent this.

Credits

Reported by @zsxsoft on behalf of @KeenSecurityLab

github.com

https://github.com/mermaid-js/mermaid/security/advisories/GHSA-87f9-hvmw-gh4p

github.com

https://github.com/mermaid-js/mermaid/commit/64769738d5b59211e1decb471ffbaca8afec51aa

github.com

https://github.com/mermaid-js/mermaid/commit/a9d9f0d8eb790349121508688cd338253fd80d76

github.com

https://github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0

github.com

https://github.com/mermaid-js/mermaid/releases/tag/v10.9.6

github.com

https://github.com/advisories/GHSA-87f9-hvmw-gh4p

JSON source

https://cveawg.mitre.org/api/cve/CVE-2026-41159
Click to expand
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2026-41159",
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "dateUpdated": "2026-05-29T15:02:56.459Z",
    "dateReserved": "2026-04-17T16:34:45.524Z",
    "datePublished": "2026-05-29T13:53:10.148Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M",
        "dateUpdated": "2026-05-29T13:53:10.148Z"
      },
      "title": "Mermaid: Improper sanitization of configuration leads to CSS injection",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0,  Mermaid's default configuration allows injecting CSS that applies outside of the Mermaid diagram via the fontFamily, themeCSS, and altFontFamily configuration options. The injected CSS exploits stylis's & (scope reference) handling. :not(&) escapes the #mermaid-xxx automatic scoping, applying styles to all page elements. Global at-rules (@font-face, @keyframes, @counter-style) are also injectable as stylis hoists them to top level. This allows page defacement and DOM attribute exfiltration via CSS :has() selectors. This vulnerability is fixed in 10.9.6 and 11.15.0."
        }
      ],
      "affected": [
        {
          "vendor": "mermaid-js",
          "product": "mermaid",
          "versions": [
            {
              "version": ">= 11.0.0-alpha.1, < 11.15.0",
              "status": "affected"
            },
            {
              "version": "< 10.9.6",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "CWE-94: Improper Control of Generation of Code ('Code Injection')",
              "cweId": "CWE-94",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://github.com/mermaid-js/mermaid/security/advisories/GHSA-87f9-hvmw-gh4p",
          "name": "https://github.com/mermaid-js/mermaid/security/advisories/GHSA-87f9-hvmw-gh4p",
          "tags": [
            "x_refsource_CONFIRM"
          ]
        },
        {
          "url": "https://github.com/mermaid-js/mermaid/commit/64769738d5b59211e1decb471ffbaca8afec51aahttps://github.com/mermaid-js/mermaid/commit/a9d9f0d8eb790349121508688cd338253fd80d76",
          "name": "https://github.com/mermaid-js/mermaid/commit/64769738d5b59211e1decb471ffbaca8afec51aahttps://github.com/mermaid-js/mermaid/commit/a9d9f0d8eb790349121508688cd338253fd80d76",
          "tags": [
            "x_refsource_MISC"
          ]
        },
        {
          "url": "https://github.com/mermaid-js/mermaid/releases/tag/mermaid@11.15.0",
          "name": "https://github.com/mermaid-js/mermaid/releases/tag/mermaid@11.15.0",
          "tags": [
            "x_refsource_MISC"
          ]
        },
        {
          "url": "https://github.com/mermaid-js/mermaid/releases/tag/v10.9.6",
          "name": "https://github.com/mermaid-js/mermaid/releases/tag/v10.9.6",
          "tags": [
            "x_refsource_MISC"
          ]
        }
      ],
      "metrics": [
        {}
      ]
    },
    "adp": [
      {
        "providerMetadata": {
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP",
          "dateUpdated": "2026-05-29T15:02:56.459Z"
        },
        "title": "CISA ADP Vulnrichment",
        "metrics": [
          {}
        ]
      }
    ]
  }
}