External risk intelligence

Attacker can access local files using DHTMLX PDF export module

CVE advisory

Severity: CRITICAL (CVSS 9.2)

CVE-2026-41552

DHTMLX Gantt and Scheduler products have a flaw that lets anyone view local files from the server within exported PDFs. Update the PDF Export Module to 0.7.6 to fix this information leak.

Halo Surface Signal: 4

Weakness type: Path Traversal

Affected product: DHTMLX PDF Export Module

Affected versions: 0.3.3 to before 0.7.6

External exposure likelihood

Halo Surface Signal score for CVE-2026-41552

DHTMLX Gantt and Scheduler are JavaScript UI components frequently integrated into internet-facing web applications, dashboards, and project management tools. As the PDF export feature is a standard function accessible through the web application's user interface, the vulnerability is reachable in common deployments where these web applications are exposed to the public internet.

Horizon Alert

Summary of the vulnerability and why it matters

This vulnerability involves the PDF export feature in DHTMLX Gantt and Scheduler products. It allows an unauthenticated user to potentially access and display local files from the server within generated PDFs due to a flaw in how HTML is processed. This means sensitive information could be leaked through exported documents.

  • Information disclosure risk.
  • Affects web applications using this feature.
  • Easy to exploit without authentication.

Attack Path

How an attacker could exploit the issue

An unauthenticated attacker can exploit this vulnerability by crafting a malicious HTML payload within a request to the PDF export module. This payload leverages the lack of sanitization to perform a path traversal, allowing the attacker to include and exfiltrate local files from the server. This could expose sensitive data to the attacker.

  • No authentication required.
  • Targets PDF Export Module.
  • Server-side file inclusion.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability allows unauthenticated users to craft malicious HTML payloads to access local files on the server, which are then displayed in generated PDFs. While the attack vector is network-based and requires no privileges, the impact is limited to file disclosure rather than remote code execution, which may reduce its attractiveness to some attackers. The fix was released in version 0.7.6.

  • Public exploit code availability is unknown.
  • No known KEV listing or exploitation signals.
  • The vulnerability is relatively recent.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

Prioritize patching the DHTMLX PDF Export Module to version 0.7.6 immediately, as this vulnerability allows unauthenticated users to access local server files. If immediate patching is not possible, isolate affected services to prevent exploitation.

  • Update PDF Export Module to 0.7.6.
  • Isolate services if patching is delayed.
  • Monitor for unauthorized file access.
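The flaw described above comes from an HTML-to-PDF renderer that fetches whatever resources the submitted document references. As an added illustration of the mitigation idea (not DHTMLX's code or its 0.7.6 fix), the following check runs over the HTML before rendering and rejects every `src`/`href`/CSS `url()` reference that is not an absolute http(s) URL to an allowlisted host; the host list and the constructed sample inputs are assumptions for this example.

```python
"""Pre-render allowlist for HTML submitted to an HTML-to-PDF export endpoint.

Added example, not the vendor's code: file: URLs, bare filesystem paths,
traversal sequences and non-allowlisted hosts all block rendering.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts the renderer may fetch from (constructed for this example).
ALLOWED_HOSTS = {"assets.example.com"}
REF_ATTRS = {"src", "href", "data", "poster", "background"}
CSS_URL = re.compile(r"url\(\s*['\"]?([^'\")]+)['\"]?\s*\)", re.I)


class _RefCollector(HTMLParser):
    """Collect every resource reference in attributes, style attrs and <style>."""

    def __init__(self):
        super().__init__()
        self.refs = []
        self._in_style = False

    def handle_starttag(self, tag, attrs):
        if tag == "style":
            self._in_style = True
        for name, value in attrs:
            if value is None:
                continue
            if name in REF_ATTRS:
                self.refs.append(value)
            elif name == "style":
                self.refs.extend(CSS_URL.findall(value))

    def handle_endtag(self, tag):
        if tag == "style":
            self._in_style = False

    def handle_data(self, data):
        if self._in_style:
            self.refs.extend(CSS_URL.findall(data))


def is_allowed_ref(ref: str) -> bool:
    """Accept only absolute http(s) URLs pointing at an allowlisted host."""
    ref = ref.strip()
    if ".." in ref:  # traversal sequence anywhere in the reference
        return False
    parsed = urlparse(ref)  # scheme is lowercased, so FILE: is caught too
    if parsed.scheme not in ("http", "https"):
        return False  # rejects file:, data:, and scheme-less local paths
    return parsed.hostname in ALLOWED_HOSTS


def find_rejected_refs(html: str) -> list:
    """Return the references that must stop the export from being rendered."""
    collector = _RefCollector()
    collector.feed(html)
    collector.close()
    return [r for r in collector.refs if not is_allowed_ref(r)]
```

Relative references are rejected as well, so an application that legitimately uses them must resolve them against an allowlisted base URL before this check runs.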

Frequently asked questions

What is the DHTMLX PDF Export Module and what is it used for?

The DHTMLX PDF Export Module is a component used in DHTMLX's Gantt and Scheduler products. These products are typically used for creating project management tools and scheduling applications, with the PDF export module allowing users to generate PDF documents from their project or schedule data.

What kind of vulnerability is CVE-2026-41552 affecting the PDF Export Module?

CVE-2026-41552 is a Path Traversal vulnerability. This means an attacker can trick the software into accessing files and directories it should not reach by manipulating input that is used to build file paths, leading to information disclosure.

How can an attacker exploit CVE-2026-41552?

An attacker can exploit this by sending a specially crafted HTML payload to the PDF export feature. Because the module does not properly sanitize this input, the attacker can use path traversal techniques to include local files from the server within the PDF that is generated.

Who should be concerned about this vulnerability based on its exposure?

Organizations using DHTMLX Gantt or Scheduler products that are exposed to the internet should be concerned. The vulnerability is classified as external, meaning an attacker could potentially reach it over the network, making internet-facing applications a primary target.

What is the first step to address this vulnerability in DHTMLX products?

The immediate and most effective step is to update the PDF Export Module to version 0.7.6 or later. This version contains the fix for the path traversal vulnerability, preventing unauthorized access to local files.
