Lucene search
K

CVE-2026-28793

πŸ—“οΈΒ 12 Mar 2026Β 16:50:20Reported byΒ GitHub_MTypeΒ 
cve
Β cve
πŸ”—Β web.nvd.nist.govπŸ“°οΈΒ 1Β Media mentionsπŸ‘Β 15Β Views🌐 WEB

CVE-2026-28793: TinaCMS CLI dev server path traversal exposes read, write, and delete of files outside the media directory before 2.1.8.

Related
Detection
Affected
Refs
Paths
Social
NVD
Vulners
Node
sswtinacms/cliRange<2.1.8node.js
[
  {
    "vendor": "@tinacms",
    "product": "cli",
    "versions": [
      {
        "version": "< 2.1.8",
        "status": "affected"
      }
    ]
  }
]
ParameterPositionPathDescriptionCWE
pathpath/media/list/*Path traversal vulnerability in media listing endpoint allowing access to files outside the media directoryCWE-22
pathpath/media/upload/*Path traversal vulnerability in media upload endpoint allowing writing files outside the media directoryCWE-22
pathpath/media/*Path traversal vulnerability in media endpoint allowing access/read/write of files outside the media directoryCWE-22

Data

Build on a solid foundation withΒ Vulners data

WeΒ provide theΒ essential building blocks forΒ cybersecurity solutions withΒ comprehensive, structured, andΒ constantly updated vulnerability andΒ exploits data

Api

Power your application withΒ Vulners API

The Vulners REST API offers reliable, high-performance access toΒ vulnerabilityΒ intelligence, withΒ 99.9%Β SLAΒ uptime andΒ CDN-backed data delivery forΒ seamlessΒ global access

App

Assess and manage vulnerabilities withΒ VulnersΒ tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 10:29Current
5.9Medium risk
Vulners AI Score5.9
CVSS 3.18.4
EPSS0.00203
SSVC
15