CVE-2026-41150 | mermaid-js mermaid up to 10.9.5/11.14.x ganttDb.getTasks excludes infinite loop (GHSA-6m6c-36f7-fhxh)

Inserito da Angelo Barbosa | Mag 29, 2026 | CVE

A vulnerability was found in mermaid-js mermaid up to 10.9.5/11.14.x and classified as problematic. This vulnerability affects the function ganttDb.getTasks. Such manipulation of the argument excludes leads to infinite loop.

This vulnerability is listed as CVE-2026-41150. The attack may be performed from remote. There is no available exploit.

It is suggested to upgrade the affected component.

CVE-2026-41150 | mermaid-js mermaid up to 10.9.5/11.14.x ganttDb.getTasks excludes infinite loop (GHSA-6m6c-36f7-fhxh)

Post correlati

CVE-2025-40804 | Siemens SIMATIC Virtualization as a Service permission assignment (ssa-534283)

CVE-2024-1170 | Post Form Plugin up to 2.8.7 on WordPress Media Deletion authorization

CVE-2025-68615 | net-snmp up to 5.9.4/5.10.pre1 snmptrapd memory corruption (GHSA-4389-rwqf-q9gq)

CVE-2025-34503 | Light & Wonder Deck Mate 1 Firmware Update signature verification