CVE-2026-28792

{"id": "CVE-2026-28792", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.6, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.8}]}, "published": "2026-03-12T17:16:50.387", "references": [{"url": "https://github.com/tinacms/tinacms/security/advisories/GHSA-8pw3-9m7f-q734", "tags": ["Exploit", "Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/tinacms/tinacms/security/advisories/GHSA-8pw3-9m7f-q734", "tags": ["Exploit", "Vendor Advisory"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-22"}, {"lang": "en", "value": "CWE-942"}]}], "descriptions": [{"lang": "en", "value": "Tina is a headless content management system. Prior to 2.1.8 , the TinaCMS CLI dev server combines a permissive CORS configuration (Access-Control-Allow-Origin: *) with the path traversal vulnerability (previously reported) to enable a browser-based drive-by attack. A remote attacker can enumerate the filesystem, write arbitrary files, and delete arbitrary files on developer's machines by simply tricking them into visiting a malicious website while tinacms dev is running. This vulnerability is fixed in 2.1.8."}, {"lang": "es", "value": "Tina es un sistema de gesti\u00f3n de contenido sin cabeza. Previo a la 2.1.8, el servidor de desarrollo CLI de TinaCMS combina una configuraci\u00f3n CORS permisiva (Access-Control-Allow-Origin: *) con la vulnerabilidad de salto de ruta (previamente reportada) para permitir un ataque drive-by basado en el navegador. Un atacante remoto puede enumerar el sistema de archivos, escribir archivos arbitrarios y eliminar archivos arbitrarios en las m\u00e1quinas de los desarrolladores simplemente enga\u00f1\u00e1ndolos para que visiten un sitio web malicioso mientras tinacms dev est\u00e1 en ejecuci\u00f3n. Esta vulnerabilidad est\u00e1 corregida en la 2.1.8."}], "lastModified": "2026-03-13T19:54:32.090", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ssw:tinacms\\/cli:*:*:*:*:*:node.js:*:*", "vulnerable": true, "matchCriteriaId": "1CE10330-2151-486B-AF99-38DC3D2F8FA0", "versionEndExcluding": "2.1.8"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}