{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-34604", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-30T17:15:52.500Z", "datePublished": "2026-04-01T16:05:15.196Z", "dateUpdated": "2026-04-01T17:59:46.120Z"}, "containers": {"cna": {"title": "@tinacms/graphql's `FilesystemBridge` Path Validation Can Be Bypassed via Symlinks or Junctions", "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-59", "lang": "en", "description": "CWE-59: Improper Link Resolution Before File Access ('Link Following')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/tinacms/tinacms/security/advisories/GHSA-g9c2-gf25-3x67", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/tinacms/tinacms/security/advisories/GHSA-g9c2-gf25-3x67"}, {"name": "https://github.com/tinacms/tinacms/commit/f124eabaca10dac9a4d765c9e4135813c4830955", "tags": ["x_refsource_MISC"], "url": "https://github.com/tinacms/tinacms/commit/f124eabaca10dac9a4d765c9e4135813c4830955"}], "affected": [{"vendor": "tinacms", "product": "tinacms", "versions": [{"version": "< 2.2.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-01T16:05:15.196Z"}, "descriptions": [{"lang": "en", "value": "Tina is a headless content management system. Prior to version 2.2.2, @tinacms/graphql uses string-based path containment checks in FilesystemBridge. That blocks plain ../ traversal, but it does not resolve symlink or junction targets. If a symlink/junction already exists under the allowed content root, a path like content/posts/pivot/owned.md is still considered \"inside\" the base even though the real filesystem target can be outside it. As a result, FilesystemBridge.get(), put(), delete(), and glob() can operate on files outside the intended root. This issue has been patched in version 2.2.2."}], "source": {"advisory": "GHSA-g9c2-gf25-3x67", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/tinacms/tinacms/security/advisories/GHSA-g9c2-gf25-3x67", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-01T17:59:42.739451Z", "id": "CVE-2026-34604", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T17:59:46.120Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-34604", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-01T17:59:42.739451Z"}}}], "references": [{"url": "https://github.com/tinacms/tinacms/security/advisories/GHSA-g9c2-gf25-3x67", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T17:59:37.575Z"}}], "cna": {"title": "@tinacms/graphql's `FilesystemBridge` Path Validation Can Be Bypassed via Symlinks or Junctions", "source": {"advisory": "GHSA-g9c2-gf25-3x67", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "tinacms", "product": "tinacms", "versions": [{"status": "affected", "version": "< 2.2.2"}]}], "references": [{"url": "https://github.com/tinacms/tinacms/security/advisories/GHSA-g9c2-gf25-3x67", "name": "https://github.com/tinacms/tinacms/security/advisories/GHSA-g9c2-gf25-3x67", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/tinacms/tinacms/commit/f124eabaca10dac9a4d765c9e4135813c4830955", "name": "https://github.com/tinacms/tinacms/commit/f124eabaca10dac9a4d765c9e4135813c4830955", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Tina is a headless content management system. Prior to version 2.2.2, @tinacms/graphql uses string-based path containment checks in FilesystemBridge. That blocks plain ../ traversal, but it does not resolve symlink or junction targets. If a symlink/junction already exists under the allowed content root, a path like content/posts/pivot/owned.md is still considered \"inside\" the base even though the real filesystem target can be outside it. As a result, FilesystemBridge.get(), put(), delete(), and glob() can operate on files outside the intended root. This issue has been patched in version 2.2.2."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-59", "description": "CWE-59: Improper Link Resolution Before File Access ('Link Following')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-01T16:05:15.196Z"}}}, "cveMetadata": {"cveId": "CVE-2026-34604", "state": "PUBLISHED", "dateUpdated": "2026-04-01T17:59:46.120Z", "dateReserved": "2026-03-30T17:15:52.500Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-01T16:05:15.196Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ssw:tinacms\\/graphql:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "C7C5E716-5EA4-499D-B5C0-864632E2620D", "versionEndIncluding": "2.2.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Tina is a headless content management system. Prior to version 2.2.2, @tinacms/graphql uses string-based path containment checks in FilesystemBridge. That blocks plain ../ traversal, but it does not resolve symlink or junction targets. If a symlink/junction already exists under the allowed content root, a path like content/posts/pivot/owned.md is still considered \"inside\" the base even though the real filesystem target can be outside it. As a result, FilesystemBridge.get(), put(), delete(), and glob() can operate on files outside the intended root. This issue has been patched in version 2.2.2."}], "id": "CVE-2026-34604", "lastModified": "2026-04-07T19:08:26.790", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.5, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-04-01T17:28:41.280", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/tinacms/tinacms/commit/f124eabaca10dac9a4d765c9e4135813c4830955"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/tinacms/tinacms/security/advisories/GHSA-g9c2-gf25-3x67"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Vendor Advisory"], "url": "https://github.com/tinacms/tinacms/security/advisories/GHSA-g9c2-gf25-3x67"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}, {"lang": "en", "value": "CWE-59"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2.2.2)"}}], "enrichment": {"confidence": 89.0, "confidence_source": "matching", "scores": [{"score": 89.0, "source": "matching"}]}, "original": {"product": "tinacms", "source": "cna", "vendor": "tinacms"}, "product": "tinacms", "vendor": "tina"}], "analysis": {"en": {"generated_at": "2026-04-07T21:48:41.292463+00:00", "value": {"mitigation_remediation": ["Upgrade @tinacms/graphql to version 2.2.2 or later", "If upgrade is not feasible, ensure that no symlinks or junctions exist under the allowed content root and sanitize input paths", "Monitor filesystem operations for unauthorized access attempts"], "summary": {"action": "Patch Immediately", "impact": "File Access Outside Root (Potential Data Leakage)"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the tinacms:tinacms product, specifically the @tinacms/graphql library used in Tina CMS. All releases prior to version 2.2.2 are vulnerable; version 2.2.2 and later include the fix.", "description_and_impact": "The FilesystemBridge in @tinacms/graphql performs path containment checks that allow traversal via plain ../ but fail to resolve symlink or junction targets. As a result, file operations such as get, put, delete, and glob can act on files outside the intended content root. This flaw enables an attacker who can create or manipulate symlinks or junctions to read from or write to arbitrary files on the filesystem, potentially exposing sensitive data or compromising application integrity.", "risk_and_exploitability": "With a CVSS score of 7.1, the flaw is considered high severity. The EPSS score is below 1% and the vulnerability is not listed in CISA\u2019s KEV catalog, indicating a low probability of widespread exploitation. The likely attack vector is local: an attacker who can influence the creation of symlinks or junctions within the content root can subvert path validation, read or modify files outside the root, and thereby potentially exfiltrate data or tamper with the deployment."}}}}, "created": "2026-04-02T07:48:54.411499+00:00", "updated": "2026-04-08T19:57:05.629439+00:00", "vendors": ["tina", "tina$PRODUCT$tinacms"]}