CVE-2026-29066 (GCVE-0-2026-29066)
Vulnerability from cvelistv5 – Published: 2026-03-12 16:57 – Updated: 2026-03-13 16:27
VLAI
Title
Arbitrary File Read via Disabled Vite Filesystem Restriction in TinaCMS CLI
Summary
Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI dev server configures Vite with server.fs.strict: false, which disables Vite's built-in filesystem access restriction. This allows any unauthenticated attacker who can reach the dev server to read arbitrary files on the host system. This vulnerability is fixed in 2.1.8.
Severity
6.2 (Medium)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/tinacms/tinacms/security/advis… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-29066",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-13T16:27:18.883170Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-13T16:27:22.344Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/tinacms/tinacms/security/advisories/GHSA-m48g-4wr2-j2h6"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "cli",
"vendor": "@tinacms",
"versions": [
{
"status": "affected",
"version": "\u003c 2.1.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI dev server configures Vite with server.fs.strict: false, which disables Vite\u0027s built-in filesystem access restriction. This allows any unauthenticated attacker who can reach the dev server to read arbitrary files on the host system. This vulnerability is fixed in 2.1.8."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552: Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-12T16:57:41.393Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/tinacms/tinacms/security/advisories/GHSA-m48g-4wr2-j2h6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tinacms/tinacms/security/advisories/GHSA-m48g-4wr2-j2h6"
}
],
"source": {
"advisory": "GHSA-m48g-4wr2-j2h6",
"discovery": "UNKNOWN"
},
"title": "Arbitrary File Read via Disabled Vite Filesystem Restriction in TinaCMS CLI"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-29066",
"datePublished": "2026-03-12T16:57:41.393Z",
"dateReserved": "2026-03-03T20:51:43.482Z",
"dateUpdated": "2026-03-13T16:27:22.344Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-29066",
"date": "2026-05-27",
"epss": "0.06479",
"percentile": "0.91205"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-29066\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-03-12T17:16:50.700\",\"lastModified\":\"2026-03-13T19:57:18.363\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI dev server configures Vite with server.fs.strict: false, which disables Vite\u0027s built-in filesystem access restriction. This allows any unauthenticated attacker who can reach the dev server to read arbitrary files on the host system. This vulnerability is fixed in 2.1.8.\"},{\"lang\":\"es\",\"value\":\"Tina es un sistema de gesti\u00f3n de contenido headless. Antes de la versi\u00f3n 2.1.8, el servidor de desarrollo CLI de TinaCMS configura Vite con server.fs.strict: false, lo que desactiva la restricci\u00f3n de acceso al sistema de archivos integrada de Vite. Esto permite a cualquier atacante no autenticado que pueda alcanzar el servidor de desarrollo leer archivos arbitrarios en el sistema anfitri\u00f3n. Esta vulnerabilidad est\u00e1 corregida en la versi\u00f3n 2.1.8.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":6.2,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.5,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"},{\"lang\":\"en\",\"value\":\"CWE-552\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ssw:tinacms\\\\/cli:*:*:*:*:*:node.js:*:*\",\"versionEndExcluding\":\"2.1.8\",\"matchCriteriaId\":\"1CE10330-2151-486B-AF99-38DC3D2F8FA0\"}]}]}],\"references\":[{\"url\":\"https://github.com/tinacms/tinacms/security/advisories/GHSA-m48g-4wr2-j2h6\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/tinacms/tinacms/security/advisories/GHSA-m48g-4wr2-j2h6\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"cna\": {\"title\": \"Arbitrary File Read via Disabled Vite Filesystem Restriction in TinaCMS CLI\", \"source\": {\"advisory\": \"GHSA-m48g-4wr2-j2h6\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.2, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"@tinacms\", \"product\": \"cli\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 2.1.8\"}]}], \"references\": [{\"url\": \"https://github.com/tinacms/tinacms/security/advisories/GHSA-m48g-4wr2-j2h6\", \"name\": \"https://github.com/tinacms/tinacms/security/advisories/GHSA-m48g-4wr2-j2h6\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI dev server configures Vite with server.fs.strict: false, which disables Vite\u0027s built-in filesystem access restriction. This allows any unauthenticated attacker who can reach the dev server to read arbitrary files on the host system. This vulnerability is fixed in 2.1.8.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-552\", \"description\": \"CWE-552: Files or Directories Accessible to External Parties\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-200\", \"description\": \"CWE-200: Exposure of Sensitive Information to an Unauthorized Actor\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-03-12T16:57:41.393Z\"}}, \"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-29066\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-13T16:27:18.883170Z\"}}}], \"references\": [{\"url\": \"https://github.com/tinacms/tinacms/security/advisories/GHSA-m48g-4wr2-j2h6\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"shortName\": \"CISA-ADP\", \"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"dateUpdated\": \"2026-03-13T16:27:13.369Z\"}}]}",
"cveMetadata": "{\"cveId\": \"CVE-2026-29066\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-12T16:57:41.393Z\", \"dateReserved\": \"2026-03-03T20:51:43.482Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-03-12T16:57:41.393Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
FKIE_CVE-2026-29066
Vulnerability from fkie_nvd - Published: 2026-03-12 17:16 - Updated: 2026-03-13 19:57
Severity
Summary
Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI dev server configures Vite with server.fs.strict: false, which disables Vite's built-in filesystem access restriction. This allows any unauthenticated attacker who can reach the dev server to read arbitrary files on the host system. This vulnerability is fixed in 2.1.8.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://github.com/tinacms/tinacms/security/advisories/GHSA-m48g-4wr2-j2h6 | Exploit, Vendor Advisory | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/tinacms/tinacms/security/advisories/GHSA-m48g-4wr2-j2h6 | Exploit, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ssw | tinacms\/cli | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ssw:tinacms\\/cli:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "1CE10330-2151-486B-AF99-38DC3D2F8FA0",
"versionEndExcluding": "2.1.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI dev server configures Vite with server.fs.strict: false, which disables Vite\u0027s built-in filesystem access restriction. This allows any unauthenticated attacker who can reach the dev server to read arbitrary files on the host system. This vulnerability is fixed in 2.1.8."
},
{
"lang": "es",
"value": "Tina es un sistema de gesti\u00f3n de contenido headless. Antes de la versi\u00f3n 2.1.8, el servidor de desarrollo CLI de TinaCMS configura Vite con server.fs.strict: false, lo que desactiva la restricci\u00f3n de acceso al sistema de archivos integrada de Vite. Esto permite a cualquier atacante no autenticado que pueda alcanzar el servidor de desarrollo leer archivos arbitrarios en el sistema anfitri\u00f3n. Esta vulnerabilidad est\u00e1 corregida en la versi\u00f3n 2.1.8."
}
],
"id": "CVE-2026-29066",
"lastModified": "2026-03-13T19:57:18.363",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2026-03-12T17:16:50.700",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/tinacms/tinacms/security/advisories/GHSA-m48g-4wr2-j2h6"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/tinacms/tinacms/security/advisories/GHSA-m48g-4wr2-j2h6"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
},
{
"lang": "en",
"value": "CWE-552"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
GHSA-M48G-4WR2-J2H6
Vulnerability from github – Published: 2026-03-12 20:32 – Updated: 2026-03-12 20:32
VLAI
Summary
TinaCMS CLI has Arbitrary File Read via Disabled Vite Filesystem Restriction
Details
Summary
The TinaCMS CLI dev server configures Vite with server.fs.strict: false, which disables Vite's built-in filesystem access restriction. This allows any unauthenticated attacker who can reach the dev server to read arbitrary files on the host system
Details
When running tinacms dev, the CLI starts a Vite dev server configured in:
packages/@tinacms/cli/src/next/vite/index.ts
server: {
host: configManager.config?.build?.host ?? false,
...
fs: {
strict: false, // Disables Vite's filesystem access restriction
},
},
TinaCMS middleware only intercepts specific route prefixes (/media/*, /graphql, /altair, /searchIndex). Any request to a path outside these routes falls through to Vite's default static file handler, which will serve the file directly from the absolute path on the filesystem. Additionally, the server enables permissive CORS (cors() with no origin restriction), which may further facilitate browser-based exploitation such as DNS rebinding attacks.
PoC
Prerequisites: TinaCMS CLI dev server running (default port 4001).
- Read system files directly:
curl http://localhost:4001/etc/passwd
curl http://localhost:4001/etc/hostname
Vite resolves and serves the absolute path directly from the filesystem.
Impact
Any developer running tinacms dev in an environment where the dev server port is reachable by an attacker. This includes:
-
Cloud IDEs (GitHub Codespaces, Gitpod) where ports are automatically forwarded and publicly accessible
-
Docker or VM setups with port forwarding configured
-
Misconfigured environments binding to 0.0.0.0 via the build.host config option
-
Systems targeted via DNS rebinding attacks, leveraging the unrestricted CORS policy
-
Local environments with malicious dependencies running on the same machine
An attacker who can reach port 4001 can:
-
Read any file readable by the server process (/etc/passwd, /etc/shadow, SSH private keys)
-
Exfiltrate environment variables and secrets via /proc/self/environ
-
Access cloud credentials and API keys from configuration files
Severity
6.2 (Medium)
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "@tinacms/cli"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-29066"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-552"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-12T20:32:43Z",
"nvd_published_at": "2026-03-12T17:16:50Z",
"severity": "MODERATE"
},
"details": "## Summary\nThe TinaCMS CLI dev server configures Vite with `server.fs.strict: false`, which disables Vite\u0027s built-in filesystem access restriction. This allows any unauthenticated attacker who can reach the dev server to read arbitrary files on the host system\n\n## Details\nWhen running `tinacms dev`, the CLI starts a Vite dev server configured in:\n`packages/@tinacms/cli/src/next/vite/index.ts`\n```\nserver: {\n host: configManager.config?.build?.host ?? false,\n ...\n fs: {\n strict: false, // Disables Vite\u0027s filesystem access restriction\n },\n},\n```\nTinaCMS middleware only intercepts specific route prefixes (/media/*, /graphql, /altair, /searchIndex). Any request to a path outside these routes falls through to Vite\u0027s default static file handler, which will serve the file directly from the absolute path on the filesystem.\nAdditionally, the server enables permissive CORS (cors() with no origin restriction), which may further facilitate browser-based exploitation such as DNS rebinding attacks.\n\n## PoC\n\n**Prerequisites**: TinaCMS CLI dev server running (default port 4001).\n\n- Read system files directly:\n```\ncurl http://localhost:4001/etc/passwd\n```\n\u003cimg width=\"705\" height=\"332\" alt=\"image\" src=\"https://github.com/user-attachments/assets/6fd0e1c7-a549-40c8-bc81-af9c343f52a0\" /\u003e\n\n```\ncurl http://localhost:4001/etc/hostname\n```\n\u003cimg width=\"631\" height=\"41\" alt=\"image\" src=\"https://github.com/user-attachments/assets/bd103dc3-d4c3-4774-8007-b55de3fc2a9e\" /\u003e\nVite resolves and serves the absolute path directly from the filesystem.\n\n\n## Impact\nAny developer running tinacms dev in an environment where the dev server port is reachable by an attacker. This includes:\n\n- Cloud IDEs (GitHub Codespaces, Gitpod) where ports are automatically forwarded and publicly accessible\n\n- Docker or VM setups with port forwarding configured\n\n- Misconfigured environments binding to 0.0.0.0 via the build.host config option\n\n- Systems targeted via DNS rebinding attacks, leveraging the unrestricted CORS policy\n\n- Local environments with malicious dependencies running on the same machine\n\nAn attacker who can reach port 4001 can:\n\n- Read any file readable by the server process (/etc/passwd, /etc/shadow, SSH private keys)\n\n- Exfiltrate environment variables and secrets via /proc/self/environ\n\n- Access cloud credentials and API keys from configuration files",
"id": "GHSA-m48g-4wr2-j2h6",
"modified": "2026-03-12T20:32:43Z",
"published": "2026-03-12T20:32:43Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tinacms/tinacms/security/advisories/GHSA-m48g-4wr2-j2h6"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29066"
},
{
"type": "PACKAGE",
"url": "https://github.com/tinacms/tinacms"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "TinaCMS CLI has Arbitrary File Read via Disabled Vite Filesystem Restriction"
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…