What is CVE-2026-41552?

CVE-2026-41552 is a high-severity vulnerability in Dhtmlx Pdf Export Module, classified under Path Traversal. CVSS score: 7.5/10. Published 2026-05-15.

How severe is CVE-2026-41552?

High severity. CVSS v3 base score is 7.5 out of 10.

Path Traversal in Dhtmlx Pdf Export Module

CVE-2026-41552

PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Path Traversal due to lack of HTML sanitization. An unauthenticated user could craft the html payload which could include local files from the server and dis…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.000 (13.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Dhtmlx Pdf Export Module — versions 0.3.3
Dhtmlx Pdf_export_module

Weakness classification (CWE)

CWE-22 — Path Traversal

References

cvd@cert.pl (Third Party Advisory, third-party-advisory)
cvd@cert.pl (release-notes, Release Notes)

Frequently asked questions

What is CVE-2026-41552?: CVE-2026-41552 is a high-severity vulnerability in Dhtmlx Pdf Export Module, classified under Path Traversal. CVSS score: 7.5/10. Published 2026-05-15.
How severe is CVE-2026-41552?: High severity. CVSS v3 base score is 7.5 out of 10.