PatchSiren cyber security CVE debrief
CVE-2026-41159 mermaid-js CVE debrief
CVE-2026-41159 is a CSS injection vulnerability in Mermaid, a JavaScript diagramming library. The issue stems from Mermaid's default configuration allowing untrusted CSS injection through the `fontFamily`, `themeCSS`, and `altFontFamily` configuration options. The vulnerability exploits stylis's handling of `&` (the scope reference), where `:not(&)` selectors escape the automatic `#mermaid-xxx` scoping and apply styles globally to all page elements. Additionally, global at-rules (`@font-face`, `@keyframes`, `@counter-style`) are hoisted to the top level by stylis, further expanding the attack surface. This enables page defacement and DOM attribute exfiltration via CSS `:has()` selectors. The vulnerability was published on 2026-05-29 and affects the 10.x branch before 10.9.6 and the 11.x branch before 11.15.0. Fixes are available in both release branches.
| Field | Value |
| --- | --- |
| Vendor | mermaid-js |
| Product | mermaid |
| CVSS | MEDIUM 5.3 |
| CISA KEV | Not listed in stored evidence |
| Original CVE published | 2026-05-29 |
| Original CVE updated | 2026-05-29 |
| Advisory published | 2026-05-29 |
| Advisory updated | 2026-05-29 |
Who should care
Organizations using Mermaid in web applications that process untrusted user input, particularly those rendering diagrams in multi-user contexts or embedding third-party content. Developers integrating Mermaid should prioritize patching due to the potential for page defacement and information disclosure through DOM attribute exfiltration.
Technical summary
The vulnerability exists in Mermaid's CSS preprocessing pipeline, which uses stylis. When user-controlled values are passed to the `fontFamily`, `themeCSS`, or `altFontFamily` configuration options, malicious CSS can be injected. The stylis preprocessor automatically scopes CSS under `#mermaid-xxx` selectors, but the `&` parent selector reference can be abused with `:not(&)` to create selectors that match elements outside the Mermaid container. Furthermore, stylis hoists global at-rules (`@font-face`, `@keyframes`, `@counter-style`) to the document level regardless of scoping. Combined with modern CSS features such as `:has()` selectors, attackers can construct rules that exfiltrate DOM attributes or modify page appearance globally. This represents a bypass of Mermaid's intended style isolation.
Defensive priority
medium
Recommended defensive actions
- Upgrade Mermaid to 10.9.6 or later on the 10.x branch, or 11.15.0 or later on the 11.x branch, to obtain the security fix
- Review and sanitize any user-supplied configuration values passed to Mermaid's `fontFamily`, `themeCSS`, or `altFontFamily` options
- Implement Content Security Policy (CSP) restrictions to mitigate the impact of CSS injection in affected applications
- Audit applications using Mermaid for unexpected CSS rules or DOM manipulation that may indicate exploitation
- Consider sandboxing Mermaid rendering in isolated iframes with restricted permissions where feasible
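The following is an added example of the second and fourth actions above (sanitizing user-supplied option values and auditing for the scope-escape constructs this debrief names); it is not code from Mermaid, stylis, or PatchSiren. It assumes the host application collects a per-user options object and then calls `mermaid.initialize()` with a trusted config; the font allowlist is a constructed placeholder, and the option names are the three from the advisory. Untrusted `themeCSS` is never forwarded at all, because free-form CSS is exactly the input stylis cannot safely scope; font options pass only if every family name is on the allowlist.

```javascript
// Added example (not Mermaid's, stylis's, or PatchSiren's code): gate untrusted
// diagram options before they reach mermaid.initialize().
// Assumption: the host app owns the allowlist below and treats anything
// it receives from a user or third-party embed as untrusted.
const FONT_ALLOWLIST = new Set([
  'Arial', 'Helvetica', 'Verdana', 'Georgia', 'Courier New',
  'serif', 'sans-serif', 'monospace',
]);

// Constructs named in the advisory that let injected CSS leave the
// #mermaid-xxx scope or be hoisted to the document level.
const RISKY_CSS = [
  { name: 'scope-reference', re: /&/ },                       // stylis `&`
  { name: 'not-selector',    re: /:not\s*\(/i },              // `:not(&)` escape
  { name: 'has-selector',    re: /:has\s*\(/i },              // attribute exfiltration
  { name: 'global-at-rule',  re: /@(font-face|keyframes|counter-style)\b/i },
];

// Audit helper: returns the names of every risky construct found in a CSS string.
function auditThemeCss(css) {
  const findings = [];
  for (const { name, re } of RISKY_CSS) {
    if (re.test(css)) findings.push(name);
  }
  return findings;
}

// Reduce a font-family string to allowlisted names only; undefined if nothing survives.
// Anything that is not a plain comma-separated list of known names is dropped,
// so a value carrying braces, selectors or at-rules can never reach stylis.
function sanitizeFontFamily(value) {
  if (typeof value !== 'string') return undefined;
  const names = value
    .split(',')
    .map((s) => s.trim().replace(/^["']|["']$/g, ''))
    .filter((name) => FONT_ALLOWLIST.has(name));
  if (names.length === 0) return undefined;
  return names.map((n) => (/\s/.test(n) ? `"${n}"` : n)).join(', ');
}

// Build the config object the host passes to mermaid.initialize().
// Returns the safe config plus a record of what was rejected, for logging.
function buildSafeMermaidConfig(untrusted) {
  const config = { startOnLoad: false }; // trusted defaults set by the host
  const rejected = [];

  for (const option of ['fontFamily', 'altFontFamily']) {
    if (untrusted[option] === undefined) continue;
    const clean = sanitizeFontFamily(untrusted[option]);
    if (clean) config[option] = clean;
    else rejected.push({ option, findings: ['not-in-allowlist'] });
  }

  // Free-form CSS from an untrusted source is never forwarded; we only
  // record what it contained so the audit step can flag attempts.
  if (untrusted.themeCSS !== undefined) {
    rejected.push({ option: 'themeCSS', findings: auditThemeCss(String(untrusted.themeCSS)) });
  }

  return { config, rejected };
}

// Usage (constructed input): everything after "Verdana" in fontFamily is dropped,
// altFontFamily is refused, and themeCSS is refused with its risky at-rule noted.
const result = buildSafeMermaidConfig({
  fontFamily: 'Verdana, sans-serif',
  altFontFamily: 'Comic Sans',
  themeCSS: '@font-face { font-family: x; src: url(x) }',
});
console.log(JSON.stringify(result, null, 2));
```

Rejections are returned rather than thrown so the host can log them as a signal for the audit action above: a `themeCSS` value carrying `scope-reference` or `not-selector` findings is exactly the pattern this advisory describes and is worth alerting on even though it was never rendered.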
Evidence notes
The CVE description and NVD source confirm the vulnerability mechanism involving stylis CSS preprocessing and scope escape via `:not(&)`. The GitHub Security Advisory (GHSA-87f9-hvmw-gh4p) and release tags provide fix confirmation. CVSS 4.0 vector indicates network attack vector, low attack complexity, no privileges required, but user interaction required.
Official resources
2026-05-29