PT-2026-41297 · Dhtmlx · Dhtmlx Diagram
Łukasz Jaworski +1 · Published 2026-05-15 · Updated 2026-05-15 · CVE-2026-7182
CVSS v4.0: 9.2 (Critical)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
DHTMLX Diagram versions prior to 1.1.1
Description
The export module is susceptible to Path Traversal in the src attribute because of insufficient HTML sanitization. An unauthenticated attacker can craft a malicious HTML payload to read arbitrary local files from the server and include their content in the generated PDF.
Recommendations
Update to version 1.1.1.
Fix
Path traversal
Affected Products
Dhtmlx Diagram