{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-41150", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-04-17T12:59:15.740Z", "datePublished": "2026-05-29T13:54:52.157Z", "dateUpdated": "2026-05-29T16:17:31.324Z"}, "containers": {"cna": {"title": "Mermaid Gantt Charts are vulnerable to an Infinite Loop DoS", "problemTypes": [{"descriptions": [{"cweId": "CWE-835", "lang": "en", "description": "CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L", "version": "4.0"}}], "references": [{"name": "https://github.com/mermaid-js/mermaid/security/advisories/GHSA-6m6c-36f7-fhxh", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/mermaid-js/mermaid/security/advisories/GHSA-6m6c-36f7-fhxh"}, {"name": "https://github.com/mermaid-js/mermaid/commit/a59ea56174712ee5430dfd5bc877cb5151f501a6", "tags": ["x_refsource_MISC"], "url": "https://github.com/mermaid-js/mermaid/commit/a59ea56174712ee5430dfd5bc877cb5151f501a6"}, {"name": "https://github.com/mermaid-js/mermaid/commit/faafb5d49106dd32c367f3882505f2dd625aa30e", "tags": ["x_refsource_MISC"], "url": "https://github.com/mermaid-js/mermaid/commit/faafb5d49106dd32c367f3882505f2dd625aa30e"}, {"name": "https://github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0", "tags": ["x_refsource_MISC"], "url": "https://github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0"}, {"name": "https://github.com/mermaid-js/mermaid/releases/tag/v10.9.6", "tags": ["x_refsource_MISC"], "url": "https://github.com/mermaid-js/mermaid/releases/tag/v10.9.6"}], "affected": [{"vendor": "mermaid-js", "product": "mermaid", "versions": [{"version": ">= 11.0.0-alpha.1, < 11.15.0", "status": "affected"}, {"version": "< 10.9.6", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-05-29T13:54:52.157Z"}, "descriptions": [{"lang": "en", "value": "Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, there is a denial-of-service attack when rendering gantt charts, if they use the excludes attribute to exclude all dates. mermaid.parse is unaffected, unless you then call the ganttDb.getTasks() (which is called when rendering a diagram). This vulnerability is fixed in 10.9.6 and 11.15.0."}], "source": {"advisory": "GHSA-6m6c-36f7-fhxh", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/mermaid-js/mermaid/security/advisories/GHSA-6m6c-36f7-fhxh", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-05-29T16:16:21.549813Z", "id": "CVE-2026-41150", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-29T16:17:31.324Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-41150", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-05-29T16:16:21.549813Z"}}}], "references": [{"url": "https://github.com/mermaid-js/mermaid/security/advisories/GHSA-6m6c-36f7-fhxh", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-29T16:13:40.925Z"}}], "cna": {"title": "Mermaid Gantt Charts are vulnerable to an Infinite Loop DoS", "source": {"advisory": "GHSA-6m6c-36f7-fhxh", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE"}}], "affected": [{"vendor": "mermaid-js", "product": "mermaid", "versions": [{"status": "affected", "version": ">= 11.0.0-alpha.1, < 11.15.0"}, {"status": "affected", "version": "< 10.9.6"}]}], "references": [{"url": "https://github.com/mermaid-js/mermaid/security/advisories/GHSA-6m6c-36f7-fhxh", "name": "https://github.com/mermaid-js/mermaid/security/advisories/GHSA-6m6c-36f7-fhxh", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/mermaid-js/mermaid/commit/a59ea56174712ee5430dfd5bc877cb5151f501a6", "name": "https://github.com/mermaid-js/mermaid/commit/a59ea56174712ee5430dfd5bc877cb5151f501a6", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/mermaid-js/mermaid/commit/faafb5d49106dd32c367f3882505f2dd625aa30e", "name": "https://github.com/mermaid-js/mermaid/commit/faafb5d49106dd32c367f3882505f2dd625aa30e", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0", "name": "https://github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/mermaid-js/mermaid/releases/tag/v10.9.6", "name": "https://github.com/mermaid-js/mermaid/releases/tag/v10.9.6", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, there is a denial-of-service attack when rendering gantt charts, if they use the excludes attribute to exclude all dates. mermaid.parse is unaffected, unless you then call the ganttDb.getTasks() (which is called when rendering a diagram). This vulnerability is fixed in 10.9.6 and 11.15.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-835", "description": "CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-05-29T13:54:52.157Z"}}}, "cveMetadata": {"cveId": "CVE-2026-41150", "state": "PUBLISHED", "dateUpdated": "2026-05-29T16:17:31.324Z", "dateReserved": "2026-04-17T12:59:15.740Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-05-29T13:54:52.157Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mermaid_project:mermaid:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "FDEEC1E5-342A-4D63-9E8E-B3885FD0126B", "versionEndExcluding": "10.9.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:mermaid_project:mermaid:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "1E9D25F0-A61B-4AE3-8BE6-4246FADCAEFF", "versionEndExcluding": "11.15.0", "versionStartIncluding": "11.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, there is a denial-of-service attack when rendering gantt charts, if they use the excludes attribute to exclude all dates. mermaid.parse is unaffected, unless you then call the ganttDb.getTasks() (which is called when rendering a diagram). This vulnerability is fixed in 10.9.6 and 11.15.0."}], "id": "CVE-2026-41150", "lastModified": "2026-06-01T18:37:37.857", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-05-29T15:16:22.673", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/mermaid-js/mermaid/commit/a59ea56174712ee5430dfd5bc877cb5151f501a6"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/mermaid-js/mermaid/commit/faafb5d49106dd32c367f3882505f2dd625aa30e"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/mermaid-js/mermaid/releases/tag/v10.9.6"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/mermaid-js/mermaid/security/advisories/GHSA-6m6c-36f7-fhxh"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Third Party Advisory"], "url": "https://github.com/mermaid-js/mermaid/security/advisories/GHSA-6m6c-36f7-fhxh"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-835"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{"bugzilla": {"description": "mermaid: Mermaid: Denial of Service via specially crafted gantt charts", "id": "2483296", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483296"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-835", "details": ["Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, there is a denial-of-service attack when rendering gantt charts, if they use the excludes attribute to exclude all dates. mermaid.parse is unaffected, unless you then call the ganttDb.getTasks() (which is called when rendering a diagram). This vulnerability is fixed in 10.9.6 and 11.15.0.", "A flaw was found in Mermaid, a JavaScript tool used for creating diagrams and charts. This vulnerability allows a remote attacker to trigger a denial-of-service (DoS) condition. The attack occurs when a specially crafted gantt chart, which uses the `excludes` attribute to exclude all dates, is rendered. Successful exploitation can make the application unresponsive."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2026-41150", "package_state": [{"cpe": "cpe:/a:redhat:podman_desktop:1", "fix_state": "Fix deferred", "package_name": "rh-podman-desktop.git", "product_name": "Red Hat Build of Podman Desktop"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Fix deferred", "package_name": "rhoai/odh-workbench-codeserver-datascience-cpu-py312-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3", "fix_state": "Fix deferred", "package_name": "devspaces/code-rhel9", "product_name": "Red Hat OpenShift Dev Spaces"}], "public_date": "2026-05-29T13:54:52Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-41150\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-41150\nhttps://github.com/mermaid-js/mermaid/commit/a59ea56174712ee5430dfd5bc877cb5151f501a6\nhttps://github.com/mermaid-js/mermaid/commit/faafb5d49106dd32c367f3882505f2dd625aa30e\nhttps://github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0\nhttps://github.com/mermaid-js/mermaid/releases/tag/v10.9.6\nhttps://github.com/mermaid-js/mermaid/security/advisories/GHSA-6m6c-36f7-fhxh"], "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[11.0.0-alpha.1,11.15.0)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,10.9.6)"}}], "enrichment": {"confidence": 83.0, "confidence_source": "matching", "scores": [{"score": 83.0, "source": "matching"}]}, "original": {"product": "mermaid", "source": "cna", "vendor": "mermaid-js"}, "product": "mermaid", "vendor": "mermaid_project"}], "created": "2026-05-29T15:15:46.475408+00:00", "updated": "2026-05-30T20:45:05.958214+00:00", "vendors": ["mermaid_project", "mermaid_project$PRODUCT$mermaid"]}