CVE-2026-34750

Payload is a free and open source headless content management system. Prior to version 3.78.0 in @payloadcms/storage-azure, @payloadcms/storage-gcs, @payloadcms/storage-r2, and @payloadcms/storage-s3, the client-upload signed-URL endpoints for S3, GCS, Azure, and R2 did not properly sanitize filenames. An attacker could craft filenames to escape the intended storage location. This issue has been patched in version 3.78.0 for @payloadcms/storage-azure, @payloadcms/storage-gcs, @payloadcms/storage-r2, and @payloadcms/storage-s3.
Configurations

Configuration 1

cpe:2.3:a:payloadcms:payload:*:*:*:*:*:node.js:*:*

History

13 Apr 2026, 19:15

Type | Values Removed | Values Added
First Time | | Payloadcms; Payloadcms payload
CPE | | cpe:2.3:a:payloadcms:payload:*:*:*:*:*:node.js:*:*
References | () https://github.com/payloadcms/payload/security/advisories/GHSA-frq9-7j6g-v74x | () https://github.com/payloadcms/payload/security/advisories/GHSA-frq9-7j6g-v74x - Vendor Advisory, Mitigation

01 Apr 2026, 20:16

Type | Values Removed | Values Added
New CVE | |

Information

Published : 2026-04-01 20:16

Updated : 2026-04-13 19:15


NVD link : CVE-2026-34750

Mitre link : CVE-2026-34750

CVE.ORG link : CVE-2026-34750



Products Affected

payloadcms

  • payload
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')