Skip to main content

Pdf Export Module

1 CVEs product

Monthly

CVE-2026-41552 CRITICAL PATCH Act Now

Path traversal in DHTMLX PDF Export Module (used by Gantt and Scheduler) allows remote unauthenticated attackers to read arbitrary local files from the server and embed them in generated PDFs. The vulnerability stems from insufficient HTML sanitization in the module's PDF generation process. CERT-PL reported this issue, and DHTMLX released version 0.7.6 to address it. No active exploitation confirmed by CISA KEV, but the low attack complexity and network attack vector make this a priority for organizations using affected Gantt or Scheduler deployments.

Path Traversal Pdf Export Module
NVD VulDB
CVSS 4.0
9.2
EPSS
0.0%
EPSS 0% CVSS 9.2
CRITICAL PATCH Act Now

Path traversal in DHTMLX PDF Export Module (used by Gantt and Scheduler) allows remote unauthenticated attackers to read arbitrary local files from the server and embed them in generated PDFs. The vulnerability stems from insufficient HTML sanitization in the module's PDF generation process. CERT-PL reported this issue, and DHTMLX released version 0.7.6 to address it. No active exploitation confirmed by CISA KEV, but the low attack complexity and network attack vector make this a priority for organizations using affected Gantt or Scheduler deployments.

Path Traversal Pdf Export Module
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy