Skip to main content

Diagram

1 CVEs product

Monthly

CVE-2026-7182 CRITICAL PATCH Act Now

Path traversal in DHTMLX Diagram's export module allows remote unauthenticated attackers to exfiltrate local server files through crafted HTML payloads in the src attribute. The vulnerability exposes high-value server-side information (CVSS VC:H, SC:H) by embedding local files into generated PDFs without requiring authentication (PR:N) or user interaction (UI:N). DHTMLX released a fix in version 1.1.1, confirmed by CERT-PL advisory and vendor changelog.

Path Traversal Diagram
NVD
CVSS 4.0
9.2
EPSS
0.1%
EPSS 0% CVSS 9.2
CRITICAL PATCH Act Now

Path traversal in DHTMLX Diagram's export module allows remote unauthenticated attackers to exfiltrate local server files through crafted HTML payloads in the src attribute. The vulnerability exposes high-value server-side information (CVSS VC:H, SC:H) by embedding local files into generated PDFs without requiring authentication (PR:N) or user interaction (UI:N). DHTMLX released a fix in version 1.1.1, confirmed by CERT-PL advisory and vendor changelog.

Path Traversal Diagram
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy