Signal
TinaCMS CLI Dev Server Vulnerable to Cross-Origin File Exfiltration via CORS Misconfiguration + Path Traversal in TinaCMS
OliveTin Vulnerable to Unauthorized Action Output Disclosure via EventStream Severity: high Identifiers: [{"cve_id": "CVE-2026-32102"}, {"identifiers": [{"value": "GHSA-228v-wc5r-j8m7", "type": "GHSA"}, {"value": "CVE-2026-32102", "type": "CVE"}]}].
github
tinacms_cli
Evidence locked
Today's free sample is only available for the edition's flagship signal.
Evidence preview
- TinaCMS CLI has Arbitrary File Read via Disabled Vite Filesystem Restrictiongithub_advisories
- TinaCMS Vulnerable to Path Traversal Leading to Arbitrary File Read, Write and Deletegithub_advisories
- TinaCMS CLI Dev Server Vulnerable to Cross-Origin File Exfiltration via CORS Misconfiguration + Path Traversal in Tin...github_advisories
- OliveTin Vulnerable to Unauthorized Action Output Disclosure via EventStreamgithub_advisories