#CSS injection

The Lab · 2026-05-12 09:48:29 · GitHub Issues

1. CVE-2026-41148: Mermaid.js CSS Injection Flaw in classDefs Parser Exposes Diagram Platforms

A security vulnerability has been uncovered in Mermaid.js, a popular JavaScript library used across development environments, wikis, and documentation platforms to render diagrams from text definitions. The flaw, tracked as CVE-2026-41148 (GHSA-xcj9-5m2h-648r), allows improper sanitization of `classDefs` in diagrams, e...

#CVE-2026-41148 #GHSA-xcj9-5m2h-648r #CSS injection #classDefs #dependency update

Latest Signals (1)

1. CVE-2026-41148: Mermaid.js CSS Injection Flaw in classDefs Parser Exposes Diagram Platforms