CVE-2026-27202

HIGH
2026-02-21 [email protected]
7.5
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

3
Analysis Generated
Mar 12, 2026 - 22:04 vuln.today
PoC Detected
Feb 24, 2026 - 13:08 vuln.today
Public exploit code
CVE Published
Feb 21, 2026 - 00:16 nvd
HIGH 7.5

Tags

Path Traversal Getsimple Cms

Description

GetSimple CMS is a content management system. All versions of GetSimple CMS have a flaw in the Uploaded Files feature that allows for arbitrary file reads. This issue has not been fixed at the time of publication.

Analysis

Arbitrary file read vulnerability in GetSimple CMS affects all versions through its Uploaded Files feature, allowing unauthenticated remote attackers to access sensitive files on affected systems. Public exploit code exists for this vulnerability, and no patch is currently available. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Remediation

Within 24 hours: Identify all GetSimple CMS instances in your environment and document their criticality and exposure level. Within 7 days: Implement network-level access controls to restrict file upload functionality, disable the Uploaded Files feature if not operationally critical, or deploy WAF rules to block malicious file read requests. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

58
Low Medium High Critical
KEV: 0
EPSS: +0.1
CVSS: +38
POC: +20

Share

CVE-2026-27202 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy