1. Mermaid 11.15.0 Patches CSS Injection via themeCSS and fontFamily — CVE-2026-41159
A critical CSS injection vulnerability has been identified in Mermaid, the widely-used open-source diagram and charting library. Tracked as CVE-2026-41159 (GHSA-87f9-hvmw-gh4p), the flaw stems from improper sanitization of user-supplied configuration options, allowing injected styles to apply beyond the boundaries of r...