CVE-2026-28791

HIGH

ssw/tinacms/cli < 2.1.7 - Path Traversal and Arbitrary File Write via Media Upload Handler

Title source: llm

Description

Tina is a headless content management system. Prior to version 2.1.7, a path traversal vulnerability exists in the TinaCMS development server's media upload handler. The code in media.ts joins user-controlled path segments with path.join() without validating that the resulting path stays within the intended media directory, so a request can write files to arbitrary locations on the filesystem. This vulnerability is fixed in 2.1.7.

Scores

CVSS v3 7.4
EPSS 0.0032
EPSS Percentile 24.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-22
Status published
Products (1)
ssw/tinacms/cli < 2.1.7
Published Mar 12, 2026
Tracked Since Mar 13, 2026