{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-28791", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-03T14:25:19.244Z", "datePublished": "2026-03-12T16:55:47.528Z", "dateUpdated": "2026-03-13T16:27:56.642Z"}, "containers": {"cna": {"title": "Path Traversal in Media Upload Handle in Tina", "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/tinacms/tinacms/security/advisories/GHSA-5hxf-c7j4-279c", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/tinacms/tinacms/security/advisories/GHSA-5hxf-c7j4-279c"}], "affected": [{"vendor": "tinacms", "product": "tinacms", "versions": [{"version": "< 2.1.7", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-12T16:55:47.528Z"}, "descriptions": [{"lang": "en", "value": "Tina is a headless content management system. Prior to 2.1.7, a path traversal vulnerability exists in the TinaCMS development server's media upload handler. The code at media.ts joins user-controlled path segments using path.join() without validating that the resulting path stays within the intended media directory. This allows writing files to arbitrary locations on the filesystem. This vulnerability is fixed in 2.1.7."}], "source": {"advisory": "GHSA-5hxf-c7j4-279c", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/tinacms/tinacms/security/advisories/GHSA-5hxf-c7j4-279c", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-13T16:27:52.236019Z", "id": "CVE-2026-28791", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-13T16:27:56.642Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-28791", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-13T16:27:52.236019Z"}}}], "references": [{"url": "https://github.com/tinacms/tinacms/security/advisories/GHSA-5hxf-c7j4-279c", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-13T16:27:45.861Z"}}], "cna": {"title": "Path Traversal in Media Upload Handle in Tina", "source": {"advisory": "GHSA-5hxf-c7j4-279c", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "tinacms", "product": "tinacms", "versions": [{"status": "affected", "version": "< 2.1.7"}]}], "references": [{"url": "https://github.com/tinacms/tinacms/security/advisories/GHSA-5hxf-c7j4-279c", "name": "https://github.com/tinacms/tinacms/security/advisories/GHSA-5hxf-c7j4-279c", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Tina is a headless content management system. Prior to 2.1.7, a path traversal vulnerability exists in the TinaCMS development server's media upload handler. The code at media.ts joins user-controlled path segments using path.join() without validating that the resulting path stays within the intended media directory. This allows writing files to arbitrary locations on the filesystem. This vulnerability is fixed in 2.1.7."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-12T16:55:47.528Z"}}}, "cveMetadata": {"cveId": "CVE-2026-28791", "state": "PUBLISHED", "dateUpdated": "2026-03-13T16:27:56.642Z", "dateReserved": "2026-03-03T14:25:19.244Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-12T16:55:47.528Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ssw:tinacms\\/cli:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "230CF05A-3446-4C32-9F67-1EF5E63B25B9", "versionEndExcluding": "2.1.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Tina is a headless content management system. Prior to 2.1.7, a path traversal vulnerability exists in the TinaCMS development server's media upload handler. The code at media.ts joins user-controlled path segments using path.join() without validating that the resulting path stays within the intended media directory. This allows writing files to arbitrary locations on the filesystem. This vulnerability is fixed in 2.1.7."}, {"lang": "es", "value": "Tina es un sistema de gesti\u00f3n de contenidos sin cabeza. Antes de la 2.1.7, existe una vulnerabilidad de salto de ruta en el gestor de carga de medios del servidor de desarrollo de TinaCMS. El c\u00f3digo en media.ts une segmentos de ruta controlados por el usuario usando path.join() sin validar que la ruta resultante permanezca dentro del directorio de medios previsto. Esto permite escribir archivos en ubicaciones arbitrarias en el sistema de archivos. Esta vulnerabilidad est\u00e1 corregida en la 2.1.7."}], "id": "CVE-2026-28791", "lastModified": "2026-03-13T19:55:35.563", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.2, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-12T17:16:50.237", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/tinacms/tinacms/security/advisories/GHSA-5hxf-c7j4-279c"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/tinacms/tinacms/security/advisories/GHSA-5hxf-c7j4-279c"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}