CVE-2026-41552

N/A Unknown
Published: May 15, 2026 Modified: May 15, 2026
View on NVD

Description

PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable toΒ Path Traversal due to lack of HTML sanitization. An unauthenticated user could craft the html payload which could include local files from the server and display them in the generated PDF. This issue was fixed in PDF Export Module version 0.7.6.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://cert.pl/en/posts/2026/05/CVE-2026-7182
Source: cvd@cert.pl
https://docs.dhtmlx.com/gantt/guides/pdf-export-module-whatsnew/#076:~:text=Fixed%20Remote%20Code%20Execution%20and%20File%20Read%20vulnerabilities
Source: cvd@cert.pl

2 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-22

Related CVEs

CVE-2026-7182 N/A
CVE-2026-41553 N/A
CVE-2026-8503 N/A
CVE-2026-8454 N/A
CVE-2026-41971 5.5