CVE-2026-7182: Diagram Export Module Path Traversal in PDF Generation
Summary
Diagram's export module allows unauthorized users to include local files in generated PDFs, potentially revealing sensitive information. This issue has been fixed in version 1.1.1. Update to the latest version to resolve the vulnerability.
Original title
Diagram's export module is vulnerable to Path Traversal in src attribute due to lack of HTML sanitization. An unauthenticated user could craft the HTML payload which could include local files from...
Original description
Diagram's export module is vulnerable to Path Traversal in src attribute due to lack of HTML sanitization. An unauthenticated user could craft the HTML payload which could include local files from the server and display them in the generated PDF.
This issue was fixed in version 1.1.1.
nvd CVSS4.0
9.2
Vulnerability type
CWE-22
Path Traversal
Published: 15 May 2026 · Updated: 28 May 2026 · First seen: 15 May 2026