CVE-2026-7182

Sažetak

Diagram's export module is vulnerable to Path Traversal in src attribute due to lack of HTML sanitization. An unauthenticated user could craft the html payload which could include local files from the server and display them in the generated pdf. This issue was fixed in version 1.1.1.

Reference

https://cert.pl/en/posts/2026/05/CVE-2026-7182
https://dhtmlx.com/docs/products/dhtmlxDiagram/
https://docs.dhtmlx.com/diagram/whats_new/#version-612

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

15-05-2026 - 14:56

Objavljeno

15-05-2026 - 13:16