What is GHSA-cj88-m5vv-89m3?

GHSA-cj88-m5vv-89m3 is a security advisory published by GitHub Security Advisories with Critical severity. PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Path Traversal...

Which CVE IDs does GHSA-cj88-m5vv-89m3 cover?

GHSA-cj88-m5vv-89m3 covers the following CVE IDs: CVE-2026-41552. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-cj88-m5vv-89m3?

GHSA-cj88-m5vv-89m3 has a CVSS v3 base score of 7.5, published by GitHub Security Advisories.

GHSA-cj88-m5vv-89m3CriticalCVSS 7.5

PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Path Traversal...

Vendor

GitHub Security Advisories

Published

May 15, 2026

Last Modified

May 19, 2026

🔗 CVE IDs covered (1)

CVE-2026-41552 →

📋 Description

PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Path Traversal due to lack of HTML sanitization. An unauthenticated user could craft the html payload which could include local files from the server and display them in the generated PDF. This issue was fixed in PDF Export Module version 0.7.6.

🔗 References (4)

https://nvd.nist.gov/vuln/detail/CVE-2026-41552
https://cert.pl/en/posts/2026/05/CVE-2026-7182
https://docs.dhtmlx.com/gantt/guides/pdf-export-module-whatsnew/#076:~:text=Fixed%20Remote%20Code%20Execution%20and%20File%20Read%20vulnerabilities
https://github.com/advisories/GHSA-cj88-m5vv-89m3