CVE-2026-41553

N/A Unknown
Published: May 15, 2026 Modified: May 15, 2026
View on NVD

Description

PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Remote Code Execution due to lack of "data" parameter sanitization. An unauthenticated attacker can inject the malicious JavaScript code to the parameter whose value is processed by Node.js and subsequently executed. This can lead to server compromise. This issue was fixed in PDF Export Module version 0.7.6.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://cert.pl/en/posts/2026/05/CVE-2026-7182
Source: cvd@cert.pl
https://docs.dhtmlx.com/gantt/guides/pdf-export-module-whatsnew/#076:~:text=Fixed%20Remote%20Code%20Execution%20and%20File%20Read%20vulnerabilities
Source: cvd@cert.pl

2 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-78

Related CVEs

CVE-2026-7182 N/A
CVE-2026-41552 N/A
CVE-2026-8503 N/A
CVE-2026-8454 N/A
CVE-2026-41971 5.5