PatchSiren

lukilabs CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM lukilabs CVE published 2026-02-13

CVE-2026-26226

The CVE record for CVE-2026-26226 was published on 2026-02-13T17:16:14.073Z and has not been modified since then. The NVD entry is currently Deferred. This SVG attribute injection issue in beautiful-mermaid versions prior to 0.1.3 can lead to cross-site scripting (XSS) when rendering attacker-controlled Mermaid diagrams. User-controlled values from Mermaid style and classDef directives are interpolated in [truncated]