CVE-2026-24125 | @tinacms graphql up to 2.1.1 path.join path traversal

Inserito da Angelo Barbosa | Mar 12, 2026 | CVE

A vulnerability, which was classified as critical, was found in @tinacms graphql up to 2.1.1. This vulnerability affects the function path.join. Executing a manipulation can lead to path traversal.

This vulnerability is handled as CVE-2026-24125. The attack can be executed remotely. There is not any exploit available.

You should upgrade the affected component.

CVE-2026-24125 | @tinacms graphql up to 2.1.1 path.join path traversal

Post correlati

CVE-2025-47778 | Sulu up to 2.5.24/2.6.8/3.0.0-alpha2 SvgFileInspector.php xml external entity reference (GHSA-f6rx-hf55-4255)

CVE-2024-0324 | User Profile Builder Plugin up to 3.10.8 on WordPress Setting wppb_two_factor_authentication_settings_update authorization

CVE-2024-56661 | Linux Kernel up to 6.13-rc2 tipc cleanup_bearer null pointer dereference

CVE-2025-14695 | SamuNatsu HaloBot up to 026b01d4a896d93eaaf9d5163a287dc9f267515b Inter-plugin API index.js html_renderer action dynamically-managed code resources