CVE-2026-41149 | mermaid-js mermaid up to 10.9.5/11.14.x Setting code injection (GHSA-ghcm-xqfw-q4vr / EUVD-2026-31520)
A vulnerability was found in mermaid-js mermaid up to 10.9.5/11.14.x. It has been rated as critical. It affects an unknown function of the Setting Handler component. Manipulation leads to code injection.
This vulnerability is tracked as CVE-2026-41149. The attack can be carried out remotely. No exploit is available.
Upgrading the affected component is advised.