CVE-2026-41552 – Path Traversal in PDF Export Module

CVE ID :CVE-2026-41552

Published : May 15, 2026, 1:16 p.m. | 42 minutes ago

Description :PDF Export Module used in DHTMLX’s products Gantt and Scheduler is vulnerable to Path Traversal due to lack of HTML sanitization. An unauthenticated user could craft the html payload which could include
local files from the server and display them in the generated PDF.

This issue was fixed in PDF Export Module version 0.7.6.

Severity: 9.2 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-7182 – Path Traversal in Diagram

CVE-2026-41553 – Remote Code Execution in PDF Export Module

CVE-2026-46333 – ptrace: slightly saner ‘get_dumpable()’ logic

CVE-2026-8503 – Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids