CVE-2026-33221 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Nhost is an open source Firebase alternative with GraphQL. Prior to version 0.12.0, the storage service's file upload handler trusts the client-provided Content…
Low CVSS: 2.1

CVE-2026-33221

Nhost is an open source Firebase alternative with GraphQL. Prior to version 0.12.0, the storage service's file upload handler trusts the client-provided Content-Type header without performing server-side MIME type detection. This allows an attacker to upload files with an arbitrary MIME type, bypassing any MIME-type-based restrictions configured on storage buckets. This issue has been patched in version 0.12.0.
Vendor
-
Product
-
CWE
CWE-343
Yayın Tarihi
2026-03-20 23:16:46
Güncelleme
2026-03-23 14:32:02
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-343 LOW 2026

Referanslar

https://github.com/nhost/nhost/commit/c4bd53f042d7f568e567e18e2665af81660fce85 https://github.com/nhost/nhost/pull/4018 https://github.com/nhost/nhost/releases/tag/storage%400.12.0 https://github.com/nhost/nhost/security/advisories/GHSA-g9f6-9775-hffm