Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Primary rating from Vendor (GitHub_M) · only source for this CVE.
CVSS VectorVendor: GitHub_M
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
3DescriptionCVE.org
draw.io is a configurable diagramming and whiteboarding application. Prior to version 29.7.12, a crafted .drawio file can execute arbitrary JavaScript in the editor's origin when the file is opened. The vulnerability is not in the label sanitizer (which works correctly on the rendering path) but in a feature-detection routine in the Text Format panel that reads the raw cell label and assigns it to a detached element's innerHTML without sanitization. Browsers fire onerror for failed image loads even on detached elements, so an <img src=x onerror=...> payload in any cell label triggers script execution as soon as the cell is selected - which import does automatically. This issue has been patched in version 29.7.12.
AnalysisAI
Stored cross-site scripting in draw.io prior to version 29.7.12 allows arbitrary JavaScript execution in the editor's origin when a victim opens a crafted .drawio file. The flaw bypasses the existing label sanitizer entirely because it resides in a separate, unsanitized code path - the Text Format panel's feature-detection routine - which assigns raw cell label content directly to a detached DOM element's innerHTML. Exploitation is automatic upon file import since draw.io selects cells programmatically during that process, requiring no additional user interaction beyond opening the file. No public exploit code has been identified at time of analysis, and this CVE is not listed in the CISA KEV catalog.
Technical ContextAI
draw.io (CPE: cpe:2.3:a:jgraph:drawio:*:*:*:*:*:*:*:*) is a browser-based diagramming and whiteboarding application by JGraph. The root cause is CWE-79 (Improper Neutralization of Input During Web Page Generation - Cross-site Scripting), specifically a DOM-based XSS variant. The application correctly sanitizes cell labels on the rendering code path, but a second, independent code path in the Text Format panel's feature-detection routine reads raw cell label values and assigns them to a detached DOM element via innerHTML without sanitization. A critical browser behavior is exploited here: even elements detached from the live document tree still trigger event handlers such as onerror when image loads fail. An attacker payload of <img src=x onerror=...> placed in any cell label therefore executes its JavaScript handler the moment the detached element is created, before any rendering sanitizer has a chance to process the content. Because file import automatically selects cells, this fires synchronously during the open operation.
RemediationAI
Upgrade draw.io to version 29.7.12 or later, which is confirmed as the vendor-released fix per the GitHub release at https://github.com/jgraph/drawio/releases/tag/v29.7.12 and the security advisory at https://github.com/jgraph/drawio/security/advisories/GHSA-fqhg-287p-c6vf. For organizations unable to patch immediately, restrict access to the draw.io instance to trusted internal users only and implement strict file-sharing policies prohibiting the ingestion of .drawio files from unverified or external sources - this reduces but does not eliminate the attack surface, as insider threat or compromised accounts remain a vector. Disabling the Text Format panel entirely, if supported by the deployment configuration, would remove the vulnerable code path, though this carries the trade-off of losing text formatting functionality. Content Security Policy (CSP) headers enforcing script-src restrictions on the draw.io origin can limit the impact of successful XSS payloads by blocking inline script execution or restricting exfiltration endpoints, but CSP alone does not prevent the initial code execution in all configurations.
OS Command Injection in GitHub repository jgraph/drawio prior to 21.5.0. Rated critical severity (CVSS 9.8), this vulner
Arbitrary Code Execution through Sanitizer Bypass in GitHub repository jgraph/drawio prior to 18.0.0. Rated critical sev
Improper Input Validation in GitHub repository jgraph/drawio prior to 18.0.6. Rated high severity (CVSS 8.8), this vulne
OS Command Injection in GitHub repository jgraph/drawio prior to 20.3.0. Rated high severity (CVSS 7.8), this vulnerabil
Denial of Service in GitHub repository jgraph/drawio prior to 18.1.3. Rated high severity (CVSS 7.5), this vulnerability
Improper Access Control in GitHub repository jgraph/drawio prior to 20.2.8. Rated high severity (CVSS 7.5), this vulnera
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.1.2. Rated hig
Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.8. Rated high severity (CVSS 7.5), t
Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.7. Rated high severity (CVSS 7.5), t
Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.5. Rated high severity (CVSS 7.5), t
Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.6. Rated high severity (CVSS 7.5), t
Path Traversal in WellKnownServlet in GitHub repository jgraph/drawio prior to 18.0.5. Rated high severity (CVSS 7.5), t
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-36077