Vulnerability Details :

CVE-2026-41150

Summary
Assigner: GitHub_M
Assigner Org ID: a0819718-46f1-4df5-94e2-005712e83aaa
Published At: 29 May, 2026 | 13:54
Updated At: 29 May, 2026 | 13:54

Mermaid Gantt Charts are vulnerable to an Infinite Loop DoS

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. In versions prior to 10.9.6 and 11.15.0, rendering a gantt chart that uses the excludes attribute to exclude all dates causes a denial of service through an infinite loop. mermaid.parse is unaffected unless you then call ganttDb.getTasks(), which is called when rendering a diagram. The vulnerability is fixed in 10.9.6 and 11.15.0.

CVE Numbering Authority (CNA)
Affected Products
Vendor: mermaid-js
Product: mermaid
Affected versions:
  • >= 11.0.0-alpha.1, < 11.15.0
  • < 10.9.6
Problem Types
Type: CWE
CWE ID: CWE-835
Description: CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
Metrics
Version: 4.0
Base score: 5.3
Base severity: MEDIUM
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L
References
  • https://github.com/mermaid-js/mermaid/security/advisories/GHSA-6m6c-36f7-fhxh (x_refsource_CONFIRM)
  • https://github.com/mermaid-js/mermaid/commit/a59ea56174712ee5430dfd5bc877cb5151f501a6 (x_refsource_MISC)
  • https://github.com/mermaid-js/mermaid/commit/faafb5d49106dd32c367f3882505f2dd625aa30e (x_refsource_MISC)
  • https://github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0 (x_refsource_MISC)
  • https://github.com/mermaid-js/mermaid/releases/tag/v10.9.6 (x_refsource_MISC)