File Read Vulnerability in TinaCMS Affecting Versions Prior to 2.1.8
CVE-2026-29066
6.2MEDIUM
What is CVE-2026-29066?
TinaCMS, a headless content management system, exhibits a file read vulnerability due to its dev server configuration setting âserver.fs.strictâ to false prior to version 2.1.8. This misconfiguration allows unauthenticated attackers to access the development server, enabling them to read arbitrary files on the host system. Upgrade to TinaCMS version 2.1.8 or later to mitigate this risk and enhance your system's security.
Affected Version(s)
cli < 2.1.8
