tinacms

CVE-2026-28791

CVE-2026-28791 is a high-severity path traversal vulnerability in tinacms (npm), affecting versions < 2.1.7. It is fixed in 2.1.7.

Key facts
CVSS score
7.4
High
Attack vector
Network
Issuing authority
GitHub Advisory Database
Affected package
tinacms
Fixed in
2.1.7
Disclosed
2026

Summary

Affected Package

| Field | Value |
|-------|-------|
| Package | @tinacms/cli |
| Version | 2.0.5 (latest at time of discovery) |
| Vulnerable File | packages/@tinacms/cli/src/next/commands/dev-command/server/media.ts |
| Vulnerable Lines | 42-43 |

Summary

A path traversal vulnerability (CWE-22) exists in the TinaCMS development server's media upload handler. The code at media.ts:42-43 joins user-controlled path segments using path.join() without validating that the resulting path stays within the intended media directory. This allows writing files to arbitrary locations on the filesystem.

  • Attack Vector: Network (HTTP POST request)
  • Impact: Arbitrary file write, potential Remote Code Execution

Details

Vulnerable Code Location

File: packages/@tinacms/cli/src/next/commands/dev-command/server/media.ts
Lines: 42-43

Root Cause

The path.join() function resolves .. (parent directory) segments in the path. When the user-supplied path contains traversal sequences like ../../../etc/passwd, these are resolved relative to the media folder, allowing escape to arbitrary filesystem locations.

Example:

Additional Affected Endpoints

The same vulnerability pattern exists in:

  • Delete Handler (handleDelete, lines 29-33) - Arbitrary file deletion
  • List Handler (handleList, lines 16-27) + MediaModel.listMedia - Directory enumeration
  • MediaModel.deleteMedia (lines 201-217) - Arbitrary file deletion

Similar code also exists in the Express version at:

  • packages/@tinacms/cli/src/server/routes/index.ts
  • packages/@tinacms/cli/src/server/models/media.ts

PoC

Quick Verification (No Server Required)

This Node.js script directly tests the vulnerable code logic:

Output

The file was successfully written to /tmp/tmp/target-dir/evil.txt, which is completely outside the intended media folder at /tmp/tinacms-test/public/uploads.

Important Note: HTTP Layer vs Code Vulnerability

I want to be transparent about my findings:

What I observed:

  • When testing via HTTP requests against the Vite dev server, path traversal sequences (../) are normalized by Node.js/Vite's HTTP layer before reaching the vulnerable code
  • This means direct HTTP exploitation like curl POST /media/upload/../../../tmp/evil.txt is mitigated in the default configuration

Why this is still a valid vulnerability that should be fixed:

  • The code itself has no validation - If the path reaches the handler (via any vector), it will be exploited
  • Defense-in-depth principle - Security should not rely solely on HTTP normalization
  • Inconsistent protection - Your GraphQL layer (addPendingDocument) explicitly validates paths and rejects ../ (see test at packages/@tinacms/graphql/tests/pending-document-validation/index.test.ts:59), but the media endpoints don't have equivalent protection
  • Different deployment contexts:
      • Reverse proxies (nginx, Apache) with proxy_pass may preserve raw paths
      • Custom server configurations
      • Future refactoring that uses this code differently
  • The parseMediaFolder helper (lines 66-74) shows intent to restrict paths - the upload handler should have similar restrictions
  • Express version also affected - packages/@tinacms/cli/src/server/routes/index.ts has the same pattern

Evidence That Path Traversal Should Be Blocked

Your codebase already shows that path traversal is considered a security issue:

This test explicitly verifies that ../invalid-path.md is rejected in the GraphQL layer. The media upload endpoints should have the same protection.

Impact

Who is Affected

  • Developers running TinaCMS in development mode
  • Any deployment exposing the TinaCMS dev server API
  • Particularly concerning if dev servers are exposed to networks (common for mobile testing)

Potential Attack Scenarios

  • Remote Code Execution:
      • Write malicious files to executable locations
      • Overwrite ~/.ssh/authorized_keys for SSH access
      • Modify application source code
      • Create cron jobs or systemd services
  • Denial of Service: Delete critical application or system files
  • Information Disclosure: List directory contents outside the media folder

CVSS Score Estimate

CVSS 3.1 Base Score: 8.1 (High)

  • Attack Vector: Network (AV:N)
  • Attack Complexity: Low (AC:L)
  • Privileges Required: None (PR:N)
  • User Interaction: None (UI:N)
  • Scope: Unchanged (S:U)
  • Confidentiality: None (C:N)
  • Integrity: High (I:H)
  • Availability: High (A:H)

Recommended Fix

Add path validation to ensure the resolved path stays within the media directory:

The same fix should be applied to:

  • handleDelete function
  • handleList function
  • MediaModel.listMedia method
  • MediaModel.deleteMedia method
  • Express router in packages/@tinacms/cli/src/server/

Alternative: Create a Validation Helper

References

  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
  • OWASP Path Traversal
  • Node.js path.join() Documentation
  • OWASP Testing Guide - Path Traversal

Impact

What is path traversal?

Input manipulates file paths to reach files outside the intended directory, such as configuration or credential files. Typical impact: unauthorized file read or write outside the intended directory.

Severity and exposure

CVE-2026-28791 has a CVSS score of 7.4 (High). The vector is network-reachable, no privileges required, and no user interaction. A CVSS score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether this affects your application depends on whether the vulnerable code is present and reachable in your environment.

A fixed version is available (2.1.7). Upgrading removes the vulnerable code path.

Affected versions

npm

  • tinacms (< 2.1.7)

Security releases

  • tinacms → 2.1.7 (npm)

Kodem intelligence

Severity tells you how bad this could be in the worst case. It does not tell you whether you are exposed. Exploitability and impact are functions of runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A vulnerable package can sit in your dependency tree and never run.

Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter instead of chasing every advisory.

Kodem's runtime-powered SCA identifies whether CVE-2026-28791 is reachable in your applications. Explore open-source security for your team.


Remediation advice

Upgrade tinacms to 2.1.7 or later to resolve this vulnerability.

Kodem Kai can prioritize this vulnerability in your dependency tree and generate a fix recommendation.

Frequently asked questions about CVE-2026-28791

What is CVE-2026-28791?

CVE-2026-28791 is a high-severity path traversal vulnerability in tinacms (npm), affecting versions < 2.1.7. It is fixed in 2.1.7. Input manipulates file paths to reach files outside the intended directory, such as configuration or credential files.

How severe is CVE-2026-28791?

CVE-2026-28791 has a CVSS score of 7.4 (High). This score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether it represents real risk in your environment depends on whether the vulnerable code is present and reachable.

Which versions of tinacms are affected by CVE-2026-28791?

tinacms (npm) versions < 2.1.7 are affected.

Is there a fix for CVE-2026-28791?

Yes. CVE-2026-28791 is fixed in 2.1.7. Upgrade to this version or later.

Is CVE-2026-28791 exploitable, and should I be worried?

Whether CVE-2026-28791 is exploitable in your environment depends on whether the vulnerable code is present and reachable. A CVSS score is a worst-case rating; it does not account for your specific deployment, configuration, or usage patterns. Kodem, an Intelligent Application Security platform, uses runtime intelligence to show which vulnerabilities actually execute in production, so you can focus on the ones that represent real risk.

What actually determines whether CVE-2026-28791 is exploitable, and how bad it is?

Exploitability and impact are not fixed properties of a CVE. They depend on runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A high CVSS score on a dependency that never runs is not the same as real risk. Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter.

How do I fix CVE-2026-28791?

Upgrade tinacms to 2.1.7 or later.
