Home / Vulnerability Intelligence / CVE-2026-28793

CVE-2026-28793 - Vulnerability Analysis

HighCVSS: 8.4

Last Updated: March 13, 2026

TinaCMS - Path Traversal

Published: March 12, 2026Updated: March 13, 2026PoC Available

Overview

TinaCMS CLI development server < 2.1.8 contains a path traversal caused by improper validation of user-controlled path segments in media endpoints, letting attackers read and write arbitrary files outside the media directory, exploit requires running tinacms dev.

Severity & Score

Severity: High

CVSS Score: 8.4

EPSS Score: 1.8%(Probability of exploitation in next 30 days)

Impact

Attackers can read and write arbitrary files on the filesystem, potentially leading to full system compromise.

Mitigation

Upgrade to version 2.1.8 or later.

References

https://github.com/tinacms/tinacms/security/advisories/GHSA-2f24-mg4x-534q

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 12, 2026

🟠 CVE-2026-28793 - High (8.4) Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI development server exposes media endpoints that are vulnerable to path traversal, allowing attackers to read and write arbitrary files on the filesystem outside the inte... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28793/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-28793
Severity: High
CVSS Score: 8.4
Type: path_traversal
Status: confirmed
EPSS: 1.8%
Social Posts: 1

CWE

CWE-22

CVSS Metrics

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

1.8%Probability of exploitation in the next 30 days