What is CVE-2026-41553?

CVE-2026-41553 is a critical-severity vulnerability in Dhtmlx Pdf Export Module, classified under OS Command Injection. CVSS score: 10.0/10. Published 2026-05-15.

How severe is CVE-2026-41553?

Critical severity. CVSS v3 base score is 10.0 out of 10.

RCE in Dhtmlx Pdf Export Module

CVE-2026-41553

PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Remote Code Execution due to lack of "data" parameter sanitization. An unauthenticated attacker can inject the malicious JavaScript code to the parameter whos…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.003 (56.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 10.0 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H.

Affected products

Dhtmlx Pdf Export Module — versions 0.3.3
Dhtmlx Pdf_export_module

Weakness classification (CWE)

CWE-78 — OS Command Injection

References

cvd@cert.pl (Third Party Advisory, third-party-advisory)
cvd@cert.pl (release-notes, Release Notes)

Frequently asked questions

What is CVE-2026-41553?: CVE-2026-41553 is a critical-severity vulnerability in Dhtmlx Pdf Export Module, classified under OS Command Injection. CVSS score: 10.0/10. Published 2026-05-15.
How severe is CVE-2026-41553?: Critical severity. CVSS v3 base score is 10.0 out of 10.