CVE-2026-33949 | Tina CMS up to 2.2.1 GraphQL Mutation relativePath path traversal

April 1, 2026 Yanac

A vulnerability was found in Tina CMS up to 2.2.1. It has been rated as critical. Impacted is an unknown function of the component GraphQL Mutation Handler. Performing a manipulation of the argument relativePath results in path traversal.

This vulnerability is identified as CVE-2026-33949. The attack can be initiated remotely. There is not any exploit available.

Upgrading the affected component is advised.VulDB Recent EntriesRead More