PT-2026-41295 · Dhtmlx · Pdf Export Module

·

CVE-2026-41552

·

Published

2026-05-15

·

Updated

2026-05-15

CVSS v4.0

9.2

Critical

VectorAV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions PDF Export Module versions prior to 0.7.6
Description The PDF Export Module used in DHTMLX Gantt and Scheduler contains a path traversal flaw resulting from insufficient HTML sanitization. This allows an unauthenticated user to create a malicious HTML payload that includes local server files, which are then displayed within the generated PDF document.
Recommendations Update to version 0.7.6.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-41552

Affected Products

Pdf Export Module