CVE-2026-7182
CriticalSummary
The diagram's export module is vulnerable to Path Traversal in the src attribute due to lack of HTML sanitization. An unauthenticated user could craft an HTML payload that could include local files from the server and display them in the generated PDF.
Risk Assessment
An attacker could gain access to sensitive data on the server, potentially leading to information leakage and security breaches.
Recommendation
It is recommended to upgrade to version 1.1.1, where the issue has been fixed. Additionally, implementing further input sanitization mechanisms is advisable.
Original NVD description (English source)
Diagram's export module is vulnerable to Path Traversal in src attribute due to lack of HTML sanitization. An unauthenticated user could craft the html payload which could include local files from the server and display them in the generated pdf. This issue was fixed in version 1.1.1.

