CVE Catalog

CVE-2026-7182

Critical
Published: Translated: NVD NIST

Summary

The diagram's export module is vulnerable to Path Traversal in the src attribute due to lack of HTML sanitization. An unauthenticated user could craft an HTML payload that could include local files from the server and display them in the generated PDF.

Risk Assessment

An attacker could gain access to sensitive data on the server, potentially leading to information leakage and security breaches.

Recommendation

It is recommended to upgrade to version 1.1.1, where the issue has been fixed. Additionally, implementing further input sanitization mechanisms is advisable.

Original NVD description (English source)

Diagram's export module is vulnerable to Path Traversal in src attribute due to lack of HTML sanitization. An unauthenticated user could craft the html payload which could include local files from the server and display them in the generated pdf. This issue was fixed in version 1.1.1.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS