Path Traversal Vulnerability in Typemill by Typemill
CVE-2026-49133

7.1HIGH

Key Information:

Vendor

Typemill

Status
Typemill
Vendor
CVE Published:
17 June 2026

What is CVE-2026-49133?

Typemill versions prior to 2.24.0 are susceptible to a path traversal vulnerability that allows authenticated users with Author-level permissions to read files outside of designated content areas. By providing specific path traversal sequences in the Storage::getFile() method with an empty folder argument, attackers can exploit this flaw to bypass security measures in Storage::getFolderPath(), thereby gaining unauthorized access to sensitive files within the server.

Affected Version(s)

typemill 0

References

https://github.com/typemill/typemill/releases/tag/v2.24.2
release-notes
https://github.com/typemill/typemill/commit/bfbb27001acd5...
patch
https://www.vulncheck.com/advisories/typemill-path-traver...
third-party-advisory

CVSS V4

Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Saidakbarxon Maxsudxonov
VulnCheck
.