Executive Summary
CVE-2026-28792 is a critical remote file disclosure vulnerability in TinaCMS, a widely-used open-source headless content management system. The flaw exists in the TinaCMS CLI dev server and combines two weaknesses: a permissive CORS configuration (Access-Control-Allow-Origin: *) and a path traversal vulnerability that allows navigation outside the intended content directory.
CVSS Score: 9.6 (Critical)
Together, these flaws enable a browser-based drive-by attack: a developer visiting a malicious webpage while running the TinaCMS dev server can have arbitrary files read from their machine and exfiltrated to an attacker-controlled server — entirely without user interaction beyond loading the page.
This vulnerability is fixed in TinaCMS 2.1.8. Any developer running the TinaCMS CLI dev server on a prior version while browsing the web is at risk.
Vulnerability Overview
| Attribute | Value |
|---|---|
| CVE ID | CVE-2026-28792 |
| CVSS Score | 9.6 (Critical) |
| Type | Path Traversal + CORS Misconfiguration (File Disclosure) |
| Attack Vector | Network (Browser-Based Drive-By) |
| Privileges Required | None |
| User Interaction | Required (victim visits malicious page) |
| Scope | Changed |
| Confidentiality Impact | High |
| Integrity Impact | High |
| Availability Impact | Low |
| Component | TinaCMS CLI Dev Server |
| Fixed Version | 2.1.8+ |
Affected Products
| Product | Affected Versions | Remediation |
|---|---|---|
| TinaCMS CLI (@tinacms/cli) | < 2.1.8 | Upgrade to 2.1.8 or later |
Technical Analysis
Component: TinaCMS CLI Dev Server
The TinaCMS CLI includes a local development server that developers run during content editing workflows. This server:
- Listens on localhost (typically http://localhost:4001)
- Serves the TinaCMS editing UI and backend GraphQL API
- Reads and writes MDX/markdown content files from the project directory
The dev server is intended exclusively for local development use. However, it exposes an HTTP interface on localhost that is accessible to any process or browser tab running on the same machine.
Flaw 1: Permissive CORS Configuration
The TinaCMS dev server sets Access-Control-Allow-Origin: * on all responses, including API endpoints that serve file content. This allows any webpage in any browser tab to make cross-origin requests to the locally running dev server and read the responses.
Under normal web security (the Same-Origin Policy), a malicious webpage at https://evil.example.com cannot read responses from http://localhost:4001. The Access-Control-Allow-Origin: * header explicitly bypasses this protection, granting every origin full read access to the dev server's API.
Flaw 2: Path Traversal
The TinaCMS dev server contains a path traversal vulnerability (previously reported) in its file-serving logic. Crafted requests using ../ sequences can escape the intended content directory and reach arbitrary locations on the filesystem — including:
- ~/.ssh/ (SSH private keys)
- ~/.aws/credentials (AWS access keys)
- .env files throughout the project tree
- /etc/passwd, /etc/hosts
- Browser stored credential databases
- Any file readable by the user running the dev server
The Combined Attack Chain
The two flaws combine into a drive-by attack that needs no interaction beyond the victim loading a malicious webpage while their TinaCMS dev server is running:
Attack Chain:
1. Attacker creates a malicious webpage with embedded JavaScript
2. Developer visits the malicious page (phishing, typosquat, malvertising, etc.)
3. JavaScript fetches http://localhost:4001/api/../../.ssh/id_rsa
→ CORS: * means the browser completes this cross-origin request
→ Path traversal: ../ sequences reach files outside content dir
4. Browser returns file content to the malicious webpage's JavaScript
5. JavaScript exfiltrates file content to attacker's server
6. Developer is unaware: no prompts, no visible indicators
Note that browsers normalize literal ../ segments in a URL path before the request is sent (the fetch in step 3 would leave the browser as a request for /.ssh/id_rsa), so in practice the traversal has to reach the server in a form the URL parser leaves alone, such as a percent-encoded ..%2F, and whether that form turns into a traversal depends on how the server decodes the path before using it.
Enumeration Capability
Attackers can enumerate file paths systematically using the same technique:
```javascript
// Conceptual attack (for understanding only)
const targets = [
  '../../.ssh/id_rsa',
  '../../.ssh/id_ed25519',
  '../../.aws/credentials',
  '../../.env',
  '../../../.env',
  '../../.gitconfig'
];
// Each path is fetched cross-origin from the malicious page; the wildcard
// CORS header lets the page read every response.
```
This enables systematic credential harvesting across common developer secret storage locations.
Impact Assessment
| Impact Area | Description |
|---|---|
| SSH Private Key Theft | ~/.ssh/id_rsa and other private keys readable — enables server access |
| Cloud Credential Exfiltration | ~/.aws/credentials, GCP/Azure credential files — full cloud account access |
| Environment Variable Theft | .env files containing API keys, database passwords, OAuth secrets |
| Source Code / IP Disclosure | Arbitrary source files readable via path traversal |
| No Authentication Required | The dev server has no authentication; any browser tab on the victim's machine can reach localhost |
| Passive — No User Action | Victim only needs to visit the malicious page; no downloads or prompts |
Who Is at Risk
Any developer who:
- Runs npx tinacms dev or tina dev (TinaCMS CLI dev server)
- Uses a version of @tinacms/cli prior to 2.1.8
- Browses the web in the same browser session, where visiting any page could trigger the attack
High-risk developer profiles:
- Jamstack / Next.js developers using TinaCMS for content management
- Agency developers managing multiple TinaCMS-powered client sites
- Open-source contributors running TinaCMS locally against GitHub repositories
Immediate Remediation
Step 1: Upgrade TinaCMS CLI to 2.1.8+
```shell
# Check current version
npx @tinacms/cli --version
# Update via npm
npm install @tinacms/cli@latest
# Update via yarn
yarn upgrade @tinacms/cli
# Verify updated version
npx @tinacms/cli --version
```
Step 2: If Immediate Upgrade Is Not Possible
```shell
# Stop the TinaCMS dev server when not actively using it
# Use browser profiles: run TinaCMS dev work in a dedicated browser profile
# that is not used for general browsing
# Check whether the dev server is currently listening
lsof -i :4001                 # macOS/Linux
netstat -an | findstr 4001    # Windows (cmd or PowerShell; grep is not available there)
```
Step 3: Audit for Prior Exposure
```shell
# Unless traffic to port 4001 was being logged, there is no record of past
# connections; netstat shows only connections that exist right now
netstat -an | grep 4001
# Review SSH authorized_keys for unexpected entries (in case keys were compromised)
cat ~/.ssh/authorized_keys
# Rotate any secrets that may have been accessible via .env files while
# running a vulnerable TinaCMS version during web browsing
```
Step 4: Rotate Potentially Exposed Credentials
If you ran a vulnerable TinaCMS version while browsing untrusted sites, rotate:
- SSH private keys (generate new key pair, update all servers)
- AWS/GCP/Azure access keys
- API keys in .env files
- OAuth client secrets
- Database passwords
Detection Indicators
| Indicator | Description |
|---|---|
| Unexpected connections to localhost:4001 in network logs | Potential exploitation attempt |
| Browser console errors from cross-origin requests to localhost | Attack artifacts in browser devtools |
| Unusual outbound connections from the browser process | Exfiltration of harvested credentials |
| SSH authentication from unexpected IPs | Possible key compromise post-exploitation |
| Cloud API calls from unexpected regions or IPs | Possible cloud credential abuse |
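The first two indicators in the table can be checked mechanically if requests to port 4001 are being logged. The following is an added example, not part of the advisory or of TinaCMS: a small scanner run over a few constructed request log lines. The log format (timestamp, method, path, origin=..., status) is an assumption made for illustration; this page does not document what the real dev server logs, so in practice the input would come from a reverse proxy or HTTP capture placed in front of port 4001. The allowed-origin set is also an assumption.

```javascript
// Added example (not from the advisory or TinaCMS): flag cross-origin and
// path-traversal requests in constructed dev-server request logs.
// Log format and allowed origins are assumptions for illustration.

const ALLOWED_ORIGINS = new Set([
  "http://localhost:4001",
  "http://localhost:3000",
  "http://127.0.0.1:3000",
]);

// Constructed sample lines; "origin=-" means the request carried no Origin header.
const SAMPLE_LOG = [
  "2026-03-02T10:15:30Z GET /graphql origin=http://localhost:3000 200",
  "2026-03-02T10:15:31Z GET /api/..%2F..%2F.ssh/id_rsa origin=https://evil.example.com 200",
  "2026-03-02T10:15:32Z GET /api/%2e%2e/%2e%2e/.aws/credentials origin=https://evil.example.com 200",
  "2026-03-02T10:15:33Z GET /content/posts/hello.mdx origin=- 200",
  "2026-03-02T10:15:34Z GET /api/..%5C..%5Cwindows%5Cwin.ini origin=- 404",
  "2026-03-02T10:15:35Z GET /graphql origin=https://evil.example.com 200",
];

const LINE_RE = /^(\S+) (\S+) (\S+) origin=(\S*) (\d{3})$/;

// Parse one line of the assumed format; returns null for anything else.
function parseLine(line) {
  const m = LINE_RE.exec(line);
  if (!m) return null;
  return {
    time: m[1],
    method: m[2],
    path: m[3],
    origin: m[4] === "-" ? null : m[4],
    status: Number(m[5]),
  };
}

// True if the decoded path contains a ".." segment (either separator), or if
// the percent-encoding is malformed, which is itself worth a look.
function hasTraversal(rawPath) {
  let decoded;
  try {
    decoded = decodeURIComponent(rawPath);
  } catch {
    return true;
  }
  return decoded.split(/[\\/]/).some((seg) => seg === "..");
}

// Reasons a single request is suspicious; empty array means benign.
function classify(entry) {
  const reasons = [];
  if (entry.origin && !ALLOWED_ORIGINS.has(entry.origin)) {
    reasons.push("cross-origin request from " + entry.origin);
  }
  if (hasTraversal(entry.path)) {
    reasons.push("path traversal in " + entry.path);
  }
  return reasons;
}

// Scan a log and return findings. Both signals together match the combined
// attack chain and are rated critical; traversal alone is high (it may be a
// same-origin probe), an untrusted origin alone is medium (reconnaissance).
function scanLog(lines) {
  const findings = [];
  for (const line of lines) {
    const entry = parseLine(line);
    if (!entry) continue;
    const reasons = classify(entry);
    if (reasons.length === 0) continue;
    let severity = "medium";
    if (reasons.length === 2) severity = "critical";
    else if (hasTraversal(entry.path)) severity = "high";
    findings.push({ time: entry.time, path: entry.path, origin: entry.origin, severity, reasons });
  }
  return findings;
}

for (const f of scanLog(SAMPLE_LOG)) {
  console.log(f.severity, f.time, f.reasons.join("; "));
}
```

A request with no Origin header and a clean path is ordinary editor traffic and is left alone; the real discriminator for this vulnerability is an Origin the dev server was never meant to serve, and that header only exists if something in front of the server records it.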
Developer Security Best Practices
- Never run dev servers with wildcard CORS: use a restrictive origin allowlist, and bind to 127.0.0.1 only. Note that the loopback binding keeps other hosts out but does nothing against a browser tab on the same machine; only the CORS policy does that.
- Use browser profiles: separate profile for local development vs. general browsing
- Keep dev dependencies updated: patch dev tooling as promptly as production code
- Store secrets in a secrets manager: avoid .env files with production credentials on dev machines
- Audit localhost services: periodically review what ports are listening on your machine