CVE-2026-41150 | mermaid-js mermaid up to 10.9.5/11.14.x ganttDb.getTasks excludes infinite loop (GHSA-6m6c-36f7-fhxh)

A vulnerability was found in mermaid-js mermaid up to 10.9.5/11.14.x and classified as problematic. This vulnerability affects the function ganttDb.getTasks. Such manipulation of the argument excludes leads to infinite loop.

This vulnerability is listed as CVE-2026-41150. The attack may be performed from remote. There is no available exploit.

It is suggested to upgrade the affected component.VulDB Recent EntriesRead More