Description
PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Path Traversal due to lack of HTML sanitization. An unauthenticated user could craft the html payload which could include local files from the server and display them in the generated PDF.

This issue was fixed in PDF Export Module version 0.7.6.
Published: 2026-05-15
Score: 9.2 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The PDF Export Module used in DHTMLX Gantt and Scheduler products suffers from a path traversal flaw due to missing HTML sanitization. An attacker who can submit an HTML payload to the PDF export interface can embed references to arbitrary local files. When the module renders the PDF, those file contents are embedded and served to the attacker, exposing server files that may contain sensitive configuration or credentials. The weakness aligns with CWE-22, indicating untrusted path traversal without proper validation.

Affected Systems

The issue affects all versions of DHTMLX’s PDF Export Module prior to 0.7.6, which is employed within the Gantt and Scheduler components. The only version that has the fix is 0.7.6; earlier releases remain vulnerable.

Risk and Exploitability

With a CVSS score of 9.2, the vulnerability is rated critical. Because the PDF export endpoint requires no authentication, an attacker can trigger the flaw from any external source, and the path traversal can reach arbitrary files on the server. Although the EPSS score is not available, the high severity and the absence of a known exploitation payload in public advisories suggest that the likelihood of exploitation remains significant. The vulnerability is not listed in the CISA KEV catalog.

Generated by OpenCVE AI on May 15, 2026 at 14:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade DHTMLX PDF Export Module to version 0.7.6 or newer.
  • Restrict access to the PDF export functionality so that only authenticated, authorized users can invoke it, and enforce role-based permissions.
  • Apply custom HTML sanitization to remove any file path references or directory traversal patterns before passing payloads to the export engine.
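
The last recommended action, shown as an added example that is not DHTMLX's or OpenCVE's code: a fail-closed check that refuses an HTML export payload outright instead of trying to strip references from it. It assumes a Node.js export service receiving the HTML, an allow-listed asset host assets.example.com, and constructed sample inputs; anything that could steer a server-side renderer to a local file (file: or any other non-http scheme, relative paths, embedding tags, CSS url()) is reported.

```javascript
// Added example (not DHTMLX's or OpenCVE's code): fail-closed pre-check for HTML a
// client submits to a server-side HTML-to-PDF export. Any reference the renderer
// could resolve to a local file refuses the whole request; nothing is stripped.
const ALLOWED_HOSTS = new Set(['assets.example.com']); // assumed: hosts the renderer may fetch
const FORBIDDEN_TAG = /<\s*\/?\s*(iframe|frame|object|embed|link|script|base|meta|use|xml)\b/i;
const URL_ATTR = /\b(src|srcset|href|xlink:href|poster|background|data|action|formaction|cite|longdesc)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;
const CSS_URL = /url\s*\(\s*(?:"([^"]*)"|'([^']*)'|([^)]*))\s*\)|@import\s+(?:"([^"]*)"|'([^']*)')/gi;
const NAMED = { lt: '<', gt: '>', amp: '&', quot: '"', apos: "'" };

// Decode entities everywhere before scanning so "&#x66;ile:" is seen as "file:";
// over-decoding can only add rejections, which is acceptable for a fail-closed check.
function decodeEntities(s) {
  const cp = (n) => (n <= 0x10ffff ? String.fromCodePoint(n) : '\uFFFD');
  return s
    .replace(/&#x([0-9a-f]+);?/gi, (_, h) => cp(parseInt(h, 16)))
    .replace(/&#(\d+);?/g, (_, d) => cp(Number(d)))
    .replace(/&(lt|gt|amp|quot|apos);/gi, (_, n) => NAMED[n.toLowerCase()]);
}

// Allow only absolute http(s) URLs to an allow-listed host, or inline raster images.
// Relative and protocol-relative URLs, file: and every other scheme are refused: on the
// server they resolve against the renderer's filesystem or base URL, not a browser's.
function urlAllowed(raw) {
  const u = raw.replace(/[\u0000-\u0020]/g, ''); // renderers ignore embedded tabs/newlines
  if (u === '') return true;
  if (/^data:image\/(png|jpe?g|gif|webp);base64,/i.test(u)) return true; // no SVG: it can carry <image href>
  let parsed;
  try { parsed = new URL(u); } catch { return false; } // relative or malformed
  if (parsed.protocol !== 'https:' && parsed.protocol !== 'http:') return false;
  return ALLOWED_HOSTS.has(parsed.hostname.toLowerCase());
}

// Returns { ok, problems }; the export handler should refuse the request when ok is false.
function checkExportHtml(html) {
  const text = decodeEntities(html);
  const problems = [];
  if (FORBIDDEN_TAG.test(text)) problems.push('tag that embeds external content');
  for (const m of text.matchAll(URL_ATTR)) {
    const value = m[2] ?? m[3] ?? m[4] ?? '';
    const urls = m[1].toLowerCase() === 'srcset' // "url descriptor, url descriptor"
      ? value.split(',').map((c) => c.trim().split(/\s+/)[0]) : [value];
    for (const u of urls) if (!urlAllowed(u)) problems.push(`${m[1]}=${u}`);
  }
  for (const m of text.matchAll(CSS_URL)) {
    const u = m[1] ?? m[2] ?? m[3] ?? m[4] ?? m[5] ?? '';
    if (!urlAllowed(u)) problems.push(`css url(${u})`);
  }
  return { ok: problems.length === 0, problems };
}
```

Refusing the request avoids the usual weakness of strip-and-render filters, where a reference that one parser did not recognise is still followed by the renderer.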

Advisories

No advisories yet.

History

Fri, 15 May 2026 14:15:00 +0000

Type      Values Removed   Values Added
Metrics                    ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 15 May 2026 13:00:00 +0000

Type          Values Removed   Values Added
Description                    PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Path Traversal due to lack of HTML sanitization. An unauthenticated user could craft the html payload which could include local files from the server and display them in the generated PDF. This issue was fixed in PDF Export Module version 0.7.6.
Title                          Path Traversal in PDF Export Module
Weaknesses                     CWE-22
References
Metrics                        cvssV4_0: {'score': 9.2, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: CERT-PL

Published:

Updated: 2026-05-15T13:14:32.252Z

Reserved: 2026-04-21T12:09:57.293Z

Link: CVE-2026-41552

Vulnrichment

Updated: 2026-05-15T13:14:28.642Z

NVD

Status: Awaiting Analysis

Published: 2026-05-15T13:16:18.990

Modified: 2026-05-15T14:12:43.710

Link: CVE-2026-41552

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-15T14:45:16Z

Weaknesses