CVE-2026-7182 – Path Traversal in Diagram

CVE ID :CVE-2026-7182

Published : May 15, 2026, 1:16 p.m. | 42 minutes ago

Description :Diagram’s export module is vulnerable to Path Traversal in src attribute due to lack of HTML sanitization. An unauthenticated user could craft the html payload which could include
local files from the server and display them in the generated pdf.

This issue was fixed in version 1.1.1.

Severity: 9.2 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-41553 – Remote Code Execution in PDF Export Module

CVE-2026-41552 – Path Traversal in PDF Export Module

CVE-2026-46333 – ptrace: slightly saner ‘get_dumpable()’ logic

CVE-2026-8503 – Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids