A vulnerability was found in mermaid-js mermaid up to 10.9.5/11.14.x . It has been rated as critical . This issue affects the function addStyleClass of the component createCssStyles Parser . This manipulation causes code injection. This vulnerability is handled as CVE-2026-41148 . The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is advised.