CVE-2026-34603

High CVSS: 7.1

Tina is a headless content management system. Prior to version 2.2.2, @tinacms/cli recently added lexical path-traversal checks to the dev media routes, but the implementation still validates only the path string and does not resolve symlink or junction targets. If a link already exists under the media root, Tina accepts a path like pivot/written-from-media.txt as "inside" the media directory and then performs real filesystem operations through that link target. This allows out-of-root media listing and write access, and the same root cause also affects delete. This issue has been patched in version 2.2.2.

Vendor

Ssw

Product

Tinacms\/cli

CWE

CWE-22

Yayın Tarihi

2026-04-01 17:28:41

Güncelleme

2026-04-07 19:13:12

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-22 Tinacms\/cli HIGH Ssw 2026

Referanslar

https://github.com/tinacms/tinacms/commit/f124eabaca10dac9a4d765c9e4135813c4830955 https://github.com/tinacms/tinacms/security/advisories/GHSA-g87c-r2jp-293w https://github.com/tinacms/tinacms/security/advisories/GHSA-g87c-r2jp-293w

Benzer Kayıtlar

High

CVE-2026-34604

Tina is a headless content management system. Prior to version 2.2.2, @tinacms/graphql uses string-based path containmen…

High

CVE-2026-33949

Tina is a headless content management system. Prior to version 2.2.2, a path traversal vulnerability in @tinacms/graphql…

High

CVE-2026-28791

Tina is a headless content management system. Prior to 2.1.7, a path traversal vulnerability exists in the TinaCMS devel…

Critical

CVE-2026-28792

Tina is a headless content management system. Prior to 2.1.8 , the TinaCMS CLI dev server combines a permissive CORS con…

High

CVE-2026-28793

Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI development server exposes media endpoints…

Medium

CVE-2026-29066

Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI dev server configures Vite with server.fs.…