Skip to content

chore(deps): update dependency mermaid to v11.15.0 [security] (main)#8569

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/main-npm-mermaid-vulnerability
Open

chore(deps): update dependency mermaid to v11.15.0 [security] (main)#8569
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/main-npm-mermaid-vulnerability

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate Bot commented May 11, 2026

This PR contains the following updates:

Package Change Age Confidence
mermaid 11.14.011.15.0 age confidence

Mermaid: Improper sanitization of classDefs in diagrams leads to CSS injection

CVE-2026-41148 / GHSA-xcj9-5m2h-648r

More information

Details

Details

The state diagram and any other diagram type that routes user-controlled style strings through createCssStyles parser for Mermaid v11.14.0 and earlier captures classDef values with an unrestricted regex:

// packages/mermaid/src/diagrams/state/parser/stateDiagram.jison:83
<CLASSDEFID>[^\n]*   { this.popState(); return 'CLASSDEF_STYLEOPTS' }

The value passes unsanitized through addStyleClass() -> createCssStyles() -> style.innerHTML (mermaidAPI.ts:418). A } in the value closes the generated CSS selector, and everything after becomes a new CSS rule on the page.

PoC
stateDiagram-v2 
      classDef x }*{ background-image: url("http://media.giphy.com/media/SggILpMXO7Xt6/giphy.gif")}

Live demo:
https://mermaid.live/edit#pako:eNpFjzFvgzAQhf-KdVNbEcBgMHhtlkqtOnSJKi8ONsYKBmRMlRTx3-skanvTfbp7996t0IxSAYPZC6_2Rmgn7O4rQ00v5nmvWnRG29OKjqI5aTcug9wZK7RiaHH9A4fO-4kliVXSiFibqbvEzWjvnHxo_fI6vR3e6cGXyX2qTcvhcYMItDMSmHeLisAqZ8UVYeUDQhx8p6ziwEIrhTtx4MNVM4nhcxztrywE0h2wVvRzoGWS_z_8rahBKvcckntgmN5OAFvhDIzUNCZZQXCR5nVaZkUEF2BVFpOcEkoxxhUuyRbB980yjStapKHqoKFlhvPtB7BFZEU

Patches

This has been patched in:

Workarounds

Setting "securityLevel": "sandbox" will prevent this, by rendering the mermaid diagram in a sandboxed <iframe>.

Impact

Enables page defacement, user tracking via url() callbacks, and DOM attribute exfiltration via CSS :has() selectors.

Severity

  • CVSS Score: 5.3 / 10 (Medium)
  • Vector String: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

Mermaid: Improper sanitization of classDef in state diagrams leads to HTML injection

CVE-2026-41149 / GHSA-ghcm-xqfw-q4vr

More information

Details

Impact

Under the default configuration, Mermaid state diagram's classDef allow DOM injection that escapes the SVG, although <script> tags are removed, preventing XSS.

Proof-of-concept
stateDiagram-v2
  classDef xss fill:red</style></svg><style>*{x:x;y:y;overflow:visible!important;contain:none!important;transform:none!important;filter:none!important;clip-path:none!important}</style><div style="x:x;y:y;color:red;font:5em/1 monospace;display:grid;place-items:center;z-index:2147483647;width:100vw;height:100vh;position:fixed;top:0;left:0;background:black">HACKED</div><svg><style>a:b
  [*] --> A:::xss
Patches
Workarounds

If you can not update to a patched version, setting "securityLevel": "sandbox" will prevent this, by rendering the mermaid diagram in a sandboxed <iframe>.

Credits

Thanks to @​zsxsoft from @​KeenSecurityLab for reporting this vulnerability.

Severity

  • CVSS Score: 5.3 / 10 (Medium)
  • Vector String: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

Mermaid: Improper sanitization of configuration leads to CSS injection

CVE-2026-41159 / GHSA-87f9-hvmw-gh4p

More information

Details

Impact

Mermaid's default configuration allows injecting CSS that applies outside of the Mermaid diagram via the fontFamily, themeCSS, and altFontFamily configuration options.

Live demo: mermaid.live

Example code:

%%{init: {"fontFamily": "x;a{b} :not(&){background:green !important} c{d}"}}%%
flowchart LR
    A --> B

The injected CSS exploits stylis's & (scope reference) handling. :not(&) escapes the #mermaid-xxx automatic scoping, applying styles to all page elements. Global at-rules (@font-face, @keyframes, @counter-style) are also injectable as stylis hoists them to top level.

This allows page defacement and DOM attribute exfiltration via CSS :has() selectors.

Patches
Workarounds

If you can't upgrade mermaid, you can set the secure config value in the mermaid config to avoid allowing diagrams to modify fontFamily, themeCSS, altFontFamily, and themeVariables.

Setting "securityLevel": "sandbox" will also prevent this.

Credits

Reported by @​zsxsoft on behalf of @​KeenSecurityLab

Severity

  • CVSS Score: 5.3 / 10 (Medium)
  • Vector String: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

Mermaid Gantt Charts are vulnerable to an Infinite Loop DoS

CVE-2026-41150 / GHSA-6m6c-36f7-fhxh

More information

Details

Impact

Mermaid v11.14.0 and earlier are vulnerable to a denial-of-service attack when rendering gantt charts, if they use the excludes attribute to exclude all dates.

Example:

gantt
  excludes monday,tuesday,wednesday,thursday,friday,saturday,sunday
  DoS :2025-01-01, 1d

mermaid.parse is unaffected, unless you then call the ganttDb.getTasks() (which is called when rendering a diagram).

Patches

This has been patched in:

Workarounds

There are no workarounds available without updating to a newer version of mermaid.

Severity

  • CVSS Score: 5.3 / 10 (Medium)
  • Vector String: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

Release Notes

mermaid-js/mermaid (mermaid)

v11.15.0

Compare Source

Minor Changes

  • #​7174 0aca217 Thanks @​milesspencer35! - feat(sequence): Add support for decimal start and increment values in the autonumber directive

  • #​7512 8e17492 Thanks @​aruncveli! - feat(flowchart): add datastore shape

    In Data flow diagrams, a datastore/warehouse/file/database is used to represent data persistence. It is denoted by a rectangle with only top and bottom borders, and can be used in flowcharts with A@{ shape: datastore, label: "Datastore" }.

  • #​6440 9ad8dde Thanks @​yordis, @​lgazo! - feat: add Event Modeling diagram

  • #​7707 27db774 Thanks @​txmxthy! - feat(architecture): expose four fcose layout knobs for architecture-beta diagrams (nodeSeparation, idealEdgeLengthMultiplier, edgeElasticity, numIter) so authors can tune layout density and spread overlapping siblings without changing diagram source

  • #​7604 bf9502f Thanks @​M-a-c! - feat(class): add nested namespace support for class diagrams via dot notation and syntactic nesting

    If you have namespaces in class diagrams that use .s already and want to render them without nesting (≤v11.14.0 behaviour), you can use set class.hierarchicalNamespaces=false in your mermaid config:

    config:
  class:
    hierarchicalNamespaces: false

  • #​7272 88cdd3d Thanks @​xinbenlv! - feat(sankey): add outlined label style, configurable nodeWidth/nodePadding, and custom node colors

Patch Changes

  • #​7737 e9b0f34 Thanks @​ashishjain0512! - fix: prevent unbalanced CSS styles in classDefs

  • #​7737 37ff937 Thanks @​ashishjain0512! - fix: create CSS styles using the CSSOM

    This removes some invalid CSS and normalizes some CSS formatting.

  • #​7508 bfe60cc Thanks @​biiab! - fix(stateDiagram): end note now only closes a note when used on a new line

  • #​7737 faafb5d Thanks @​ashishjain0512! - fix(gantt): add iteration limit for excludes field

  • #​7737 65f8be2 Thanks @​ashishjain0512! - fix: disallow some CSS at-rules in custom CSS

  • #​7726 1502f32 Thanks @​aloisklink! - fix(wardley): fix unnecessary sanitization of text

  • #​7578 1f98db8 Thanks @​Gaston202! - fix(class): self-referential class multiplicity labels no longer rendered multiple times

    Fixes #​7560. Resolves an issue where cardinality labels on self-referential class relationships were rendered three times due to edge splitting in the dagre layout. The fix ensures that each sub-edge only carries its relevant label positions.

  • #​7592 2343e38 Thanks @​knsv-bot! - fix(sequence): add background box behind alt/else section title labels in sequence diagrams

  • #​7589 7fb9509 Thanks @​NYCU-Chung! - fix(block): prevent column widths from shrinking when mixing different column spans

  • #​7632 3f9e0f1 Thanks @​ekiauhce! - fix(sequence): correct messageAlign label position for right-to-left arrows in sequence diagrams

  • #​7642 7a8fb85 Thanks @​tractorjuice! - fix(wardley): allow hyphens in unquoted component names

    Multi-word names containing hyphens — e.g. real-time processing, end-user, on-call engineer — now parse without quoting, bringing the grammar in line with the OnlineWardleyMaps (OWM) convention. A->B (no-space arrow) still tokenises correctly.

  • #​7523 5144ed4 Thanks @​darshanr0107! - fix(block): Arrow blocks in block-beta diagrams not spanning the specified number of columns when using :n syntax.

  • #​7262 13d9bfa Thanks @​darshanr0107! - fix(block): Ensure block diagram hexagon blocks respect column spanning syntax

  • #​7684 e14bb88 Thanks @​aloisklink! - fix: loosen uuid dependency range to allow v14

    Mermaid does not use any of the vulnerable code in CVE-2026-41907,
    but this allows users to silence any npm audit alerts on it.

  • #​7633 9217c0d Thanks @​Felix-Garci! - fix(block): add support for all arrow types in block diagrams

  • #​7587 5e7eb62 Thanks @​MaddyGuthridge! - chore: drop lodash-es in favour of es-toolkit

  • #​7693 afaf306 Thanks @​dull-bird! - fix(quadrant-chart): allow CJK, emoji, Latin-1 accented characters, and other non-ASCII text in unquoted axis/quadrant/point labels.

    Previously the lexer only matched ASCII [A-Za-z]+ for text tokens, even though the grammar referenced UNICODE_TEXT. Bare Chinese, Japanese, Korean, emoji, and accented Latin characters in labels caused a parse error. Added a [^\x00-\x7F]+ lexer rule to emit UNICODE_TEXT and included it in the alphaNumToken grammar rule.

    Fixes #​7120.

  • #​7737 4755553 Thanks @​ashishjain0512! - fix: improve D3 types for mermaidAPI funcs

  • #​7737 6476973 Thanks @​ashishjain0512! - fix: handle & when namespacing CSS rules

  • #​7520 8c1a0c1 Thanks @​RodrigojndSantos! - fix(stateDiagram): comments starting with one % are no longer treated as comments

    Switch to using two %% if you want to write a comment.

  • Updated dependencies [7a8fb85, 675a64c]:

Configuration

📅 Schedule: (in timezone Europe/Berlin)

  • Branch creation
    • ""
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot added the dependencies Pull requests that update a dependency file label May 11, 2026
@codecov
Copy link
Copy Markdown

codecov Bot commented May 11, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] approved these changes

@max-nextcloud max-nextcloud Awaiting requested review from max-nextcloud max-nextcloud is a code owner

@mejo- mejo- Awaiting requested review from mejo- mejo- is a code owner

@silverkszlo silverkszlo Awaiting requested review from silverkszlo silverkszlo is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants