PT-2026-39887 · Mermaid · Mermaid
Twavesx · Published 2026-05-11 · Updated 2026-05-29
CVE-2026-41150
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions
Mermaid versions 11.14.0 and earlier
Mermaid versions prior to 10.9.6
Description
A denial-of-service issue occurs when rendering gantt charts if the excludes attribute is used to exclude all dates. While mermaid.parse is not affected, the issue is triggered when calling the ganttDb.getTasks() function during diagram rendering.
Recommendations
Update to version 11.15.0.
Update to version 10.9.6.
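Mermaid is often pulled in as a transitive dependency, so a project can carry several copies at different versions. The following added example (not code from the advisory or from the Mermaid project) walks an npm package-lock.json and reports every copy that falls in the affected ranges above. It assumes lockfileVersion 2 or 3 (a "packages" map) and that 10.x releases from 10.9.6 onward are fixed; the sample lockfile and its package names are constructed.

```javascript
// Added example: find affected Mermaid copies in a package-lock.json (v2/v3).
// Fixed versions from the advisory: 10.9.6 (10.x line) and 11.15.0.
// Assumption: 10.x from 10.9.6 onward is fixed; anything else below 11.15.0 is affected.
function parseVersion(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-)?/.exec(version);
  if (!m) throw new Error(`unparseable version: ${version}`);
  return { nums: [Number(m[1]), Number(m[2]), Number(m[3])], prerelease: Boolean(m[4]) };
}

// True when v is the fixed release or newer; a prerelease of the fix sorts before it.
function atLeast(v, fix) {
  for (let i = 0; i < 3; i++) {
    if (v.nums[i] !== fix[i]) return v.nums[i] > fix[i];
  }
  return !v.prerelease;
}

function isAffected(version) {
  const v = parseVersion(version);
  if (atLeast(v, [11, 15, 0])) return false;
  if (v.nums[0] === 10 && atLeast(v, [10, 9, 6])) return false;
  return true;
}

// Walk the "packages" map so nested (transitive) copies are reported too.
function findAffectedMermaid(lockfile) {
  const hits = [];
  for (const [path, meta] of Object.entries(lockfile.packages || {})) {
    const isMermaid = /(^|\/)node_modules\/mermaid$/.test(path);
    if (isMermaid && meta.version && isAffected(meta.version)) {
      hits.push({ path, version: meta.version });
    }
  }
  return hits;
}

// Constructed lockfile fragment; "md-viewer", "slides" and "mermaid-theme-x" are hypothetical.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'docs-site', version: '1.0.0' },
    'node_modules/mermaid': { version: '11.15.0' },
    'node_modules/md-viewer/node_modules/mermaid': { version: '10.9.5' },
    'node_modules/slides/node_modules/mermaid': { version: '11.14.0' },
    'node_modules/mermaid-theme-x': { version: '0.3.0' },
  },
};

console.log(findAffectedMermaid(SAMPLE_LOCK));
```

In a real project, pass the result of `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` instead of the sample object.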
Exploit
Fix
DoS
Infinite Loop
Affected Products
Mermaid