CVE-2026-27202

HIGH

GetSimple CMS - Arbitrary File Read

Title source: llm

Description

GetSimple CMS is a content management system. All versions of GetSimple CMS have a flaw in the Uploaded Files feature that allows for arbitrary file reads. This issue has not been fixed at the time of publication.

References (1)

[Vendor Advisory] https://github.com/GetSimpleCMS-CE/GetSimpleCMS-CE/security/advisories/GHSA-xhwv-g6q4-h886

Scores

CVSS v3 7.5

EPSS 0.0003

EPSS Percentile 7.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-23 CWE-22

Status published

Products (1)

getsimple-ce/getsimple_cms 3.3.22

Published Feb 21, 2026

Tracked Since Feb 21, 2026