CVE-2026-41150EPSS p30.0%

CVE-2026-41150CVE-2026-41150

mermaid_project / mermaid

Description

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, there is a denial-of-service attack when rendering gantt charts, if they use the excludes attribute to exclude all dates. mermaid.parse is unaffected, unless you then call the ganttDb.getTasks() (which is called when rendering a diagram). This vulnerability is fixed in 10.9.6 and 11.15.0.

Scoring

CVSS 5.3 ()
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS0.38% probability of exploitation · percentile 30.0% · 2026-06-18T12:00:27Z
Last modified2026-06-01

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-41159
CVE
CVE-2025-67744
CVE
CVE-2026-11455
CVE
CVE-2025-68669
CVE
CVE-2025-58768
CVE
CVE-2026-40322
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.