CVE-2026-41553

CRITICAL SEVERITY

CVSS Score & Metrics

Base Score

10.0 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H                                    

Vulnerability Description

PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Remote Code Execution due to lack of "data" parameter sanitization. An unauthenticated attacker can inject the malicious JavaScript code to the parameter whose value is processed by Node.js and subsequently executed. This can lead to server compromise.

This issue was fixed in PDF Export Module version 0.7.6.

Vulnerability Details

Published Date

May 15, 2026

Last Modified

May 18, 2026

CWE ID

CWE-78

Source

NVD

Vendor

DHTMLX

Product

PDF Export Module

External References

https://cert.pl/en/posts/2026/05/CVE-2026-7182
https://docs.dhtmlx.com/gantt/guides/pdf-export-module-whatsnew/#076:~:text=Fixed%20Remote%20Code%20Execution%20and%20File%20Read%20vulnerabilities

CVE-2026-41553

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment