MEDIUM
lukilabs
CVE published 2026-02-13
CVE-2026-26226
The CVE record for CVE-2026-26226 was published on 2026-02-13T17:16:14.073Z and has not been modified since then. The NVD entry is currently Deferred. This SVG attribute injection issue in beautiful-mermaid versions prior to 0.1.3 can lead to cross-site scripting (XSS) when rendering attacker-controlled Mermaid diagrams. User-controlled values from Mermaid style and classDef directives are interpolated in [truncated]