A vulnerability, which was classified as problematic , was found in jgraph drawio up to 29.7.11 . Impacted is an unknown function. Such manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2026-46642 . The attack can be launched remotely. No exploit exists. You should upgrade the affected component.