Description
Diagram's export module is vulnerable to Path Traversal in src attribute due to lack of HTML sanitization. An unauthenticated user could craft the html payload which could include local files from the server and display them in the generated pdf. This issue was fixed in version 1.1.1.
References (3)
Core 3
Core References
Third Party Advisory third-party-advisory
https://cert.pl/en/posts/2026/05/CVE-2026-7182
Release Notes release-notes
https://docs.dhtmlx.com/diagram/whats_new/#version-612
Product product
https://dhtmlx.com/docs/products/dhtmlxDiagram/
Scores
CVSS v4
9.2
EPSS
0.0040
EPSS Percentile
31.2%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-22
Status
published
Products (1)
DHTMLX/Diagram
1.0.0 - 1.1.1
Published
May 15, 2026
Tracked Since
May 15, 2026