CVEReports
CVEReports

Automated vulnerability intelligence platform. Comprehensive reports for high-severity CVEs generated by AI.

Product

  • Home
  • Sitemap
  • RSS Feed

Company

  • About
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CVEReports. All rights reserved.

Made with love by Amit Schendel & Alon Barad



CVE-2025-68278

Arbitrary Code Execution in TinaCMS via Insecure Frontmatter Parsing

Alon Barad
Alon Barad
Software Engineer

Mar 1, 2026·5 min read·8 visits

Executive Summary (TL;DR)

Improper configuration of the 'gray-matter' library in TinaCMS allows attackers to execute arbitrary code by embedding JavaScript in markdown frontmatter. Upgrade to version 3.1.1 immediately.

TinaCMS versions prior to 3.1.1 contain a critical arbitrary code execution vulnerability stemming from insecure default configurations in its markdown parsing logic. The system utilizes the 'gray-matter' library to process content files but fails to disable the execution of embedded JavaScript and CoffeeScript within frontmatter blocks. This allows authenticated attackers with content creation privileges—or external actors capable of submitting pull requests—to inject malicious payloads that execute in the context of the TinaCMS server or CLI tools during the build process.

Vulnerability Overview

TinaCMS is a headless content management system that enables developers to build content editing capabilities directly into React-based applications. A core function of the CMS is parsing markdown files to extract metadata (frontmatter) and content. This parsing is handled by the gray-matter library.

The vulnerability exists because TinaCMS initialized gray-matter without restricting its default engine capabilities. By default, gray-matter recognizes delimiters for multiple languages, including JavaScript (---js) and CoffeeScript (---coffee). When the library encounters these delimiters, it attempts to parse the content as code, often using unsafe evaluation methods like eval or require. This behavior transforms the markdown parser into a vector for server-side code execution.

An attacker can exploit this by creating or modifying a markdown file to include a malicious script in the frontmatter. When the TinaCMS GraphQL server or CLI tool processes this file, the injected code is executed on the host system. This affects the tinacms core package, as well as @tinacms/cli and @tinacms/graphql.

Root Cause Analysis

The root cause of CVE-2025-68278 is the failure to explicitly disable unsafe parsing engines in the gray-matter configuration. While gray-matter is a robust library, its documentation explicitly warns that the JavaScript and CoffeeScript parsers are unsafe for untrusted input because they execute code during the parsing phase.

In the vulnerable versions of TinaCMS, the parsing logic resides in packages/@tinacms/graphql/src/database/util.ts. The code invoked the parser without passing an engines configuration object that restricted supported languages. Consequently, the library fell back to its defaults, which include support for js, javascript, coffee, and coffeescript.

This behavior violates the principle of least privilege regarding input handling. A content management system should treat data files as static content or strictly structured data (like YAML or JSON), never as executable scripts. By implicitly trusting the default behavior of the dependency, TinaCMS exposed the underlying runtime environment to arbitrary code execution.

Code Analysis

The remediation involves explicitly overriding the unsafe engines in the gray-matter configuration. The developers introduced a configuration object that defines custom handlers for the dangerous types, forcing them to throw errors instead of executing code.

Below is the analysis of the fix applied in packages/@tinacms/graphql/src/database/util.ts:

// PATCH ANALYSIS: Explicitly disable unsafe engines
 
const matterEngines = {
  // Define handlers that immediately throw errors when invoked
  js: {
    parse: () => {
      throw new Error('JavaScript execution in frontmatter is not allowed for security reasons');
    },
    stringify: () => {
      throw new Error('JavaScript execution in frontmatter is not allowed for security reasons');
    },
  },
  // Apply the same restriction to aliases and CoffeeScript
  javascript: {
    parse: () => { throw new Error(...); },
    stringify: () => { throw new Error(...); }
  },
  coffee: {
    parse: () => { throw new Error(...); },
    stringify: () => { throw new Error(...); }
  },
  coffeescript: {
    parse: () => { throw new Error(...); },
    stringify: () => { throw new Error(...); }
  },
  // TOML and YAML remain supported (omitted for brevity)
};
 
// The matter function is now called with these restricted engines
// preventing the library from using its default unsafe eval/require logic.

This change ensures that even if an attacker injects a ---js block, the application will reject the file with a security error rather than executing the payload. This is a robust fix as it addresses the issue at the parsing configuration level.

Exploitation Methodology

Exploitation requires the ability to modify markdown files processed by TinaCMS. This could be achieved by an authenticated user with content editing permissions, or by an external contributor submitting a malicious Pull Request in workflows where TinaCMS processes PR content automatically (e.g., CI/CD pipelines or preview environments).

The attacker crafts a markdown file replacing standard YAML frontmatter with a JavaScript block. The gray-matter library parses this block using the Node.js require or eval context, allowing access to standard libraries like fs (filesystem) and child_process.

Proof of Concept Payload

---js
{
  "onLoad": (function(){
    const { execSync } = require('child_process');
    // Execute arbitrary system commands
    const output = execSync('id').toString();
    // Exfiltrate data or modify system state
    require('fs').writeFileSync('pwned.txt', output);
    return {};
  })()
}
---
# Innocent Looking Post
 
This content appears normal but triggers RCE on save/build.

When the vulnerable TinaCMS instance parses this file, the immediate invoked function expression (IIFE) executes, running the system command id and writing the result to disk.

Impact Assessment

The impact of this vulnerability is rated High (CVSS 7.3). Successful exploitation grants the attacker the privileges of the Node.js process running the TinaCMS server or CLI.

Confidentiality: Attackers can read sensitive files from the server, including environment variables, database credentials, and source code. In cloud environments (e.g., AWS Lambda, Vercel), they may be able to exfiltrate temporary credentials to pivot to other infrastructure.

Integrity: Attackers can modify files, inject persistent backdoors into the CMS codebase, or alter database contents. They could potentially modify other content files to spread the attack to site visitors (Stored XSS).

Availability: Attackers can crash the server, delete critical files, or consume resources to cause a Denial of Service. Since TinaCMS is often used in build pipelines, this could also poison the build cache or compromise the deployment chain.

Official Patches

TinaCMSOfficial patch commit

Fix Analysis (1)

Technical Appendix

CVSS Score
7.3/ 10
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
EPSS Probability
0.10%
Top 72% most exploited

Affected Systems

TinaCMSTinaCMS CLITinaCMS GraphQL Server

Affected Versions Detail

Product
Affected Versions
Fixed Version
tinacms
TinaCMS
< 3.1.13.1.1
@tinacms/cli
TinaCMS
< 2.0.42.0.4
@tinacms/graphql
TinaCMS
< 2.0.32.0.3
AttributeDetail
CWECWE-94: Improper Control of Generation of Code
CVSS v4.07.3 (High)
Attack VectorNetwork
Privileges RequiredLow (Content Editor)
Affected Librarygray-matter
Exploit StatusProof of Concept Available

MITRE ATT&CK Mapping

T1059Command and Scripting Interpreter
Execution
T1190Exploit Public-Facing Application
Initial Access
T1203Exploitation for Client Execution
Execution
CWE-94
Improper Control of Generation of Code ('Code Injection')

The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

Known Exploits & Detection

GitHub Security AdvisoryAdvisory containing PoC and mitigation details

Vulnerability Timeline

Vulnerability identified
2025-12-15
Patch committed to repository
2025-12-17
Public disclosure via GHSA and CVE
2025-12-18

References & Sources

  • [1]GHSA-529f-9qwm-9628
  • [2]NVD CVE-2025-68278

Attack Flow Diagram

Press enter or space to select a node. You can then use the arrow keys to move the node around. Press delete to remove it and escape to cancel.
Press enter or space to select an edge. You can then press delete to remove it or escape to cancel.

More Reports

•30 minutes ago•CVE-2026-48517
7.5

CVE-2026-48517: Remote Code Execution via Typeless Deserialization Blocklist Bypass in MessagePack-CSharp

A critical vulnerability exists in MessagePack-CSharp's typeless deserialization mechanism where configured blocklists fail to recursively inspect nested types. An attacker can bypass security restrictions by wrapping unauthorized types in arrays or generic collections, allowing insecure deserialization and remote code execution.

Alon Barad
Alon Barad
2 views•7 min read
•about 5 hours ago•CVE-2026-48713
9.1

CVE-2026-48713: Remote Prototype Pollution in i18next-fs-backend

A critical prototype pollution vulnerability exists in the i18next-fs-backend Node.js package (prior to version 2.6.6) through its translation persistence layer. When handling missing translation keys, insecure traversal of JSON objects via the getLastOfPath function allows remote, unauthenticated attackers to mutate Object.prototype, potentially leading to denial of service, security bypasses, or remote code execution.

Alon Barad
Alon Barad
3 views•7 min read
•1 day ago•CVE-2026-48708
7.5

CVE-2026-48708: Concurrent Template Parsing Race Condition in OliveTin leading to Cross-Request Command Contamination

CVE-2026-48708 details a critical concurrency synchronization flaw in OliveTin versions < 3000.13.0. A shared package-level text/template.Template instance is accessed concurrently across multiple goroutines without proper synchronization. When concurrent request processing occurs, a race condition causes Go runtime panics or command contamination across separate sessions, enabling denial of service or execution of contaminated commands.

Amit Schendel
Amit Schendel
7 views•6 min read
•1 day ago•CVE-2026-48709
3.7

CVE-2026-48709: Missing Authorization in OliveTin ValidateArgumentType RPC Endpoint

A missing authorization vulnerability in the OliveTin system allows unauthenticated remote actors to query the ValidateArgumentType RPC endpoint. By exploiting this flaw, attackers can execute systematic brute-force and side-channel validation attacks to enumerate active action binding IDs, parameter structures, and operational metadata, bypassing configured guest authentication barriers.

Amit Schendel
Amit Schendel
5 views•7 min read
•1 day ago•CVE-2026-48166
5.3

CVE-2026-48166: Timing-Based User Enumeration on Login Page in Filament

An observable timing discrepancy vulnerability (CWE-208) in Filament's administrative login page allows unauthenticated remote attackers to determine the existence of registered email addresses. This timing side-channel arises from short-circuiting logic that skips expensive password hashing checks when a queried email address is not found in the database. Attackers can execute statistical timing attacks to map active administrator accounts, facilitating subsequent targeted brute-force or credential-stuffing campaigns.

Alon Barad
Alon Barad
9 views•6 min read
•1 day ago•CVE-2026-48167
6.4

CVE-2026-48167: Stored Cross-Site Scripting (XSS) via Attribute Injection in Filament ImageColumn and ImageEntry

Filament's ImageColumn (used in tables) and ImageEntry (used in infolists) components render database values inside HTML attributes without validation or sanitization. This allows an attacker to inject arbitrary HTML attributes, leading to Stored Cross-Site Scripting (XSS).

Amit Schendel
Amit Schendel
12 views•5 min read