Path Traversal in @tinacms/graphql
Description
Tina is a headless content management system. Prior to 2.1.2, TinaCMS allows users to create, update, and delete content documents using relative file paths (relativePath, newRelativePath) via GraphQL mutations. Under certain conditions, these paths are combined with the collection path using path.join() without validating that the resolved path remains within the collection root directory. Because path.join() does not prevent directory traversal, paths containing ../ sequences can escape the intended directory boundary. This vulnerability is fixed in 2.1.2.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
TinaCMS before 2.1.2 allows authenticated users to traverse directories via relative paths in GraphQL mutations, enabling file creation, deletion, or movement outside collection boundaries.
Vulnerability
Overview
CVE-2026-24125 is a path traversal vulnerability in TinaCMS, a headless content management system. Prior to version 2.1.2, the application’s GraphQL mutations accept relativePath and newRelativePath parameters to create, update, delete, or move content documents. The server builds the full file path by joining the collection’s base directory with the user-supplied relative path using path.join(). Because path.join() does not neutralize directory traversal sequences, an attacker can include ../ components to navigate outside the intended collection root directory [1][2].
Exploitation
An authenticated user with editor permissions can exploit this by crafting specific GraphQL requests. For example, the mutation createDocument(collection: "post", relativePath: "../../config/malicious.md", params: {...}) would attempt to create a file two directories above the collection root. Similar patterns exist for moving, renaming, and deleting documents, as well as creating folders. The updateDocument mutation accepts a new relativePath for renaming, and deleteDocument uses the path directly [2].
Impact and Constraints
Successful exploitation allows an attacker to create files (subject to GraphQL schema validation), move or rename files, delete files, and read file contents via document retrieval mutations. However, several constraints limit the impact: created or modified content must conform to the collection’s GraphQL schema, so arbitrary content injection is prevented. Exploitation also requires authenticated access with CMS editor permissions. Additionally, in typical git-backed deployments, all file operations are tracked in git, providing an audit trail [2].
Mitigation
The vulnerability is fixed in TinaCMS version 2.1.2. Users are advised to upgrade to this version or later [1]. No workaround or other mitigation has been documented. The CVE is not currently listed in CISA’s Known Exploited Vulnerabilities (KEV) catalog.
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| @tinacms/graphql (npm) | < 2.1.2 | 2.1.2 |
Affected products
- @tinacms/graphql (v5), range: < 2.1.2
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- https://github.com/advisories/GHSA-2238-xc5r-v9hj (GHSA advisory)
- https://nvd.nist.gov/vuln/detail/CVE-2026-24125 (GHSA advisory)
- https://github.com/tinacms/tinacms/security/advisories/GHSA-2238-xc5r-v9hj (GHSA, x_refsource_CONFIRM, web)
News mentions
No linked articles in our index yet.