Vulnerability Description
Diagram's export module is vulnerable to Path Traversal in the src attribute due to a lack of HTML sanitization. An unauthenticated user could craft an HTML payload that includes local files from the server and displays them in the generated PDF. This issue was fixed in version 1.1.1.
References
- https://cert.pl/en/posts/2026/05/CVE-2026-7182
- https://dhtmlx.com/docs/products/dhtmlxDiagram/
- https://docs.dhtmlx.com/diagram/whats_new/#version-612
FAQ
What is CVE-2026-7182?
CVE-2026-7182 is a documented vulnerability. Diagram's export module is vulnerable to Path Traversal in the src attribute due to a lack of HTML sanitization. An unauthenticated user could craft an HTML payload that could include local files from th...
How severe is CVE-2026-7182?
CVSS scoring is not yet available for CVE-2026-7182. Check NVD for updates.
Is there a patch for CVE-2026-7182?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.