Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Lifecycle Timeline
4Blast Radius
ecosystem impact- 6 npm packages depend on @tinacms/graphql (3 direct, 3 indirect)
Ecosystem-wide dependent count for version 2.2.2.
DescriptionGitHub Advisory
Summary
A Path Traversal vulnerability in @tinacms/graphql allows unauthenticated users to write and overwrite arbitrary files within the project root. This is achieved by manipulating the relativePath parameter in GraphQL mutations. The impact includes the ability to replace critical server configuration files and potentially execute arbitrary commands by sabotaging build scripts.
Details
The vulnerability exists in the path validation logic within @tinacms/graphql. Specifically, the regex-based validation in getValidatedPath fails to recognize backslashes (\) as directory separators on non-Windows platforms (Mac/Linux). An attacker can provide a path like x\..\..\..\package.json, which bypasses the validation check but is subsequently treated as a traversal path during file I/O operations by the underlying fs modules and path normalization utilities.
Incriminated code areas:
- [packages/@tinacms/graphql/src/database/bridge/filesystem.ts](tinacms/packages/@tinacms/graphql/src/database/bridge/filesystem.ts): [assertWithinBase](tinacms/graphql/src/database/bridge/filesystem.ts#7-35) function.
- [packages/@tinacms/graphql/src/resolver/index.ts](tinacms/packages/@tinacms/graphql/src/resolver/index.ts):
getValidatedPathfunction.
PoC
- Start the TinaCMS development server.
- Send a malicious GraphQL mutation to overwrite a project file (e.g., [package.json](tinacms/examples/tina-self-hosted-demo/package.json)):
curl -X POST http://localhost:4001/graphql \
-H "Content-Type: application/json" \
-d '{"query": "mutation { updateDocument(collection: \"global\", relativePath: \"x\\\\..\\\\..\\\\..\\\\package.json\", params: { global: { header: { name: \"OVERWRITTEN\" } } }) { __typename } }"}'- Observe that the root [package.json](tinacms/examples/tina-self-hosted-demo/package.json) has been replaced with the provided payload.
<img width="1424" height="516" alt="2026-03-15_12-24-05 PM" src="https://github.com/user-attachments/assets/9fdf94ce-2183-4a24-9cd9-48f21deb9768" />
<img width="1387" height="774" alt="2026-03-15_12-27-33 PM" src="https://github.com/user-attachments/assets/676f083b-f934-4cf2-978b-bb2fabee0216" />
Impact
This is an Arbitrary File Write vulnerability. Any unauthenticated user with network access to the GraphQL API can:
- Overwrite critical server configuration files (e.g., [package.json](tinacms/examples/tina-self-hosted-demo/package.json), [tsconfig.json](tinacms/examples/tina-self-hosted-demo/tsconfig.json)).
- Host malicious scripts in the
public/directory for client-side attacks. - Perform Arbitrary Code Execution by modifying build scripts or server-side logic files that are subsequently executed by the environment.
Weaknesses:
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
- CWE-73: External Control of File Name or Path
AnalysisAI
Path traversal in TinaCMS GraphQL (@tinacms/graphql) enables unauthenticated remote attackers to write and overwrite arbitrary files within the project root, including critical configuration files like package.json and build scripts. The vulnerability stems from platform-specific path validation failures that treat backslash characters differently on Unix-based systems, allowing traversal sequences like 'x\..\..\..\package.json' to bypass security checks. With a CVSS score of 8.1 and publicly available exploit code demonstrating the attack, this represents a critical security risk for TinaCMS deployments, particularly those exposed to untrusted networks. No CISA KEV listing exists, but the proof-of-concept demonstrates clear exploitation paths to arbitrary code execution via build script modification.
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-17961
GHSA-v9p7-gf3q-h779