Path Traversal Vulnerability in Tina CMS
CVE-2026-34603
7.1 HIGH
What is CVE-2026-34603?
Tina CMS, a headless content management system, has a path traversal vulnerability that allows attackers to access and modify files outside the intended media directory. This flaw arises from an oversight in the implementation of lexical path-traversal checks on the development media routes. Prior to version 2.2.2, it was possible to manipulate paths in such a way that the system would perform unauthorized file system operations, potentially exposing sensitive data or allowing overwriting of existing files. The issue has been resolved in version 2.2.2, highlighting the importance of keeping software updated to safeguard against such vulnerabilities.
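The following Node.js code is added here as an illustration and is not taken from Tina CMS or its 2.2.2 fix. It confines a user-supplied path to a media directory by combining the lexical check the advisory mentions with canonical-path resolution, which goes beyond the lexical case; `isWithin`, `resolveInsideRoot`, `demo` and the directory layout are assumptions.

```javascript
// Added example, not Tina CMS code: function names and layout are assumptions.
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// Pure string test: is `child` equal to `root` or beneath it?
function isWithin(root, child) {
  const rel = path.relative(root, child);
  return rel === '' || !(rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel));
}

// Canonical path for `userPath` under `mediaRoot`, or null when it escapes.
function resolveInsideRoot(mediaRoot, userPath) {
  try {
    const root = fs.realpathSync(mediaRoot);
    // Step 1, lexical: normalize, then reject ".." segments and absolute paths.
    const candidate = path.resolve(root, userPath);
    if (!isWithin(root, candidate)) return null;
    // Step 2, filesystem: canonicalize the deepest existing ancestor so that
    // not-yet-created upload targets are checked too. lstat sees dangling links.
    let existing = candidate;
    const tail = [];
    while (!fs.lstatSync(existing, { throwIfNoEntry: false })) {
      tail.unshift(path.basename(existing));
      existing = path.dirname(existing);
    }
    const real = path.join(fs.realpathSync(existing), ...tail);
    return isWithin(root, real) ? real : null;
  } catch {
    return null; // unresolvable link, NUL byte, permission error: fail closed
  }
}

// Constructed fixture: media/ok.png, plus media/link -> ../outside (a directory link).
function demo() {
  const base = fs.mkdtempSync(path.join(os.tmpdir(), 'media-demo-'));
  const media = path.join(base, 'media');
  fs.mkdirSync(media);
  fs.mkdirSync(path.join(base, 'outside'));
  fs.writeFileSync(path.join(media, 'ok.png'), '');
  fs.symlinkSync(path.join(base, 'outside'), path.join(media, 'link'), 'dir');
  const check = (p) => resolveInsideRoot(media, p) !== null;
  const result = { file: check('ok.png'), newUpload: check('uploads/new.png'),
    dotdot: check('../outside/x'), absolute: check(path.join(base, 'outside')),
    viaLink: check('link/x') };
  fs.rmSync(base, { recursive: true, force: true });
  return result;
}
```

The file operation should use the canonical path the function returns, since a separate check followed by an operation on the original string leaves a window between the two.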
Affected Version(s)
tinacms < 2.2.2
