CVE-2026-24125: Tinacms Media Path Traversal
A path traversal vulnerability occurs when user-controlled input is concatenated using `path.join()` without validating that it resolves within the intended root directory. Using this path in file system functions permits an attacker to perform unauthorized file read, write, or deletion outside the application's bounds.
Provally Curated | Public repository | High | Medium confidence | Verified | Apache-2.0 | JS
greprules fetch cve-2026-24125-tinacms-media-path-traversal --engine opengrep
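The pattern this rule describes, next to a containment check that resolves the path before any file system call. This is an added example, not code from the rule or from TinaCMS; `MEDIA_ROOT`, the function names and the sample inputs are hypothetical.

```javascript
"use strict";
const path = require("path");

// Hypothetical media root for this example (not a TinaCMS path).
const MEDIA_ROOT = "/srv/app/public/uploads";

// Flagged pattern: the joined path is used with no containment check.
// path.join() normalizes ".." segments, so the result can leave the root.
function unsafeMediaPath(root, userPath) {
  return path.posix.join(root, userPath);
}

// Hardened form: resolve first, then require the result to stay under root.
// path.relative() is used instead of startsWith(root) so that a sibling
// directory such as "/srv/app/public/uploads-private" is not accepted.
function safeMediaPath(root, userPath) {
  if (typeof userPath !== "string" || userPath.includes("\0")) {
    throw new Error("invalid media path");
  }
  const base = path.posix.resolve(root);
  const target = path.posix.resolve(base, userPath);
  const rel = path.posix.relative(base, target);
  if (rel === ".." || rel.startsWith("../") || path.posix.isAbsolute(rel)) {
    throw new Error("media path escapes root");
  }
  return target;
}

// Returns the resolved path, or a "rejected: ..." string for bad input.
function check(userPath) {
  try {
    return safeMediaPath(MEDIA_ROOT, userPath);
  } catch (e) {
    return "rejected: " + e.message;
  }
}

// Constructed sample inputs.
const SAMPLES = [
  "images/logo.png",
  "images/../logo.png",
  "../uploads-private/key.pem",
  "/etc/passwd",
];
for (const s of SAMPLES) {
  console.log(JSON.stringify(s), "->", check(s));
}
```

The check is lexical only: if the media directory can contain symlinks, compare `fs.realpath()` results for the root and the target as well.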