CVE-2026-41552
HIGH WAF: High
CVSS 7.5
Published: 2026-05-15
CWE-22
PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Path Traversal due to lack of HTML sanitization. An unauthenticated user could craft the html payload which could include local files from the server and display them in the generated PDF. This issue was fixed in PDF Export Module version 0.7.6.
WAF Coverage Analysis
Path Traversal
High WAF Coverage
OWASP: A01:2021 Broken Access Control
930xxx - Local File Inclusion
Affected Software
| Vendor | Product | Version |
|---|---|---|
| dhtmlx | pdf_export_module | 0.3.3 - 0.7.6 |
References
- cert.pl (Third Party Advisory)
- docs.dhtmlx.com (Release Notes)