CVE-2026-41553 – Remote Code Execution in PDF Export Module

CVE ID :CVE-2026-41553

Published : May 15, 2026, 1:16 p.m. | 42 minutes ago

Description :PDF Export Module used in DHTMLX’s products Gantt and Scheduler is vulnerable to Remote Code Execution due to lack of “data” parameter sanitization. An unauthenticated attacker can inject the malicious JavaScript code to the parameter whose value is processed by Node.js and subsequently executed. This can lead to server compromise.

This issue was fixed in PDF Export Module version 0.7.6.

Severity: 10.0 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-7182 – Path Traversal in Diagram

CVE-2026-41552 – Path Traversal in PDF Export Module

CVE-2026-46333 – ptrace: slightly saner ‘get_dumpable()’ logic

CVE-2026-8503 – Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids