CVE-2026-41159 | mermaid-js mermaid up to 10.9.5/11.14.x Diagram has code injection

A vulnerability was found in mermaid-js mermaid up to 10.9.5/11.14.x. It has been classified as critical. This issue affects the function has of the component Diagram Handler. Performing a manipulation results in code injection.

This vulnerability is cataloged as CVE-2026-41159. It is possible to initiate the attack remotely. There is no exploit available.

Upgrading the affected component is recommended.VulDB Recent EntriesRead More