The vulnerability stems from improper handling of user-supplied file paths within the document management logic of @tinacms/graphql. The specific functions responsible for executing GraphQL mutations utilize the native Node.js path.join() utility to construct the final absolute file path. The application combines a server-defined collectionRoot directory with the user-provided relativePath variable.

The Node.js path.join() function concatenates the provided string arguments and normalizes the resulting path. Crucially, path.join() processes directory traversal sequences such as ../ during normalization but does not constrain the final path to the base directory. If the collectionRoot is /var/www/content/posts and the attacker supplies ../../../../etc/passwd as the relativePath, path.join() resolves the output to /etc/passwd.

The root cause is the absence of a subsequent boundary check after the path string is resolved. Secure implementations must verify that the absolute path generated by the user input remains a strict subdirectory of the intended collectionRoot. Without this validation step, the application blindly executes file system operations (Create, Update, Delete) on the resolved out-of-bounds path, adopting the permissions of the Node.js process.

mutation { updateDocument( collection: "posts", relativePath: "../../../config/secrets.json", params: { payload: { maliciousKey: "maliciousValue" } } ) { __typename } }

const absoluteCollectionRoot = path.resolve(collectionRoot); const resolvedFilePath = path.resolve(collectionRoot, input.relativePath); if (!resolvedFilePath.startsWith(absoluteCollectionRoot + path.sep)) { throw new Error("Path traversal attempt detected"); }

Product

Affected Versions

Fixed Version

@tinacms/graphql

TinaCMS

< 2.1.2

2.1.2

Attribute

Detail

CWE ID

CWE-22

Attack Vector

Network

CVSS Score

6.3

Privileges Required

Low

Exploit Status

Proof of Concept

KEV Status

Not Listed

CVE-2026-24125

6.3

CVE-2026-24125: Authenticated Path Traversal in TinaCMS GraphQL Mutations

Alon Barad

Software Engineer

Mar 12, 2026·5 min read·3 visits

PoC Available

Executive Summary (TL;DR)

Improper path handling in TinaCMS GraphQL mutations allows authenticated attackers to traverse directories and manipulate arbitrary files via the relativePath parameter. Upgrading to version 2.1.2 resolves the issue.

CVE-2026-24125 is a medium-severity path traversal vulnerability in the @tinacms/graphql package. Authenticated users can exploit improper path validation in GraphQL mutations to create, read, update, or delete arbitrary files on the host system.

Attack Flow Diagram

Vulnerability Overview

CVE-2026-24125 represents a path traversal vulnerability (CWE-22) located within the @tinacms/graphql package of the TinaCMS ecosystem. TinaCMS utilizes GraphQL mutations to manage content documents, allowing authorized users to create, read, update, and delete files within predefined collection directories. The vulnerability manifests when these mutations process user-supplied file paths without adequate boundary validation.

The affected component is responsible for translating API requests into local file system operations. When a user submits a mutation containing document data, the system relies on parameters such as relativePath and newRelativePath to determine the target file's location. The failure to sanitize these inputs before passing them to file system APIs creates an attack vector for path traversal.

Exploitation requires an attacker to possess low-level administrative or API privileges, as the vulnerable GraphQL endpoints are authenticated. Once authenticated, an attacker can supply directory traversal sequences to break out of the intended collection root directory. This grants the attacker the ability to perform read, write, and delete operations on arbitrary files accessible to the Node.js runtime environment.

Technical Root Cause Analysis

Exploit Methodology and Attack Vector

Attackers exploit this vulnerability by interacting directly with the GraphQL API exposed by a vulnerable TinaCMS instance. The attack sequence requires the adversary to authenticate using valid, low-privileged credentials to gain access to the document management mutations. Once authenticated, the attacker crafts a malicious GraphQL query targeting mutations such as createDocument, updateDocument, or deleteDocument.

The execution phase begins when the attacker sends the crafted payload containing directory traversal sequences in the relativePath argument. The following payload demonstrates an attempt to overwrite a configuration file located outside the designated content directory:

mutation {
  updateDocument(
    collection: "posts",
    relativePath: "../../../config/secrets.json",
    params: {
      payload: {
        maliciousKey: "maliciousValue"
      }
    }
  ) {
    __typename
  }
}

A successful attack requires the Node.js process to have write permissions to the targeted destination. The payload forces the server to write the attacker-controlled params data into the specified file. The following sequence diagram illustrates the processing flow of the malicious request:

Impact Assessment

The primary security impact involves unauthorized file system access across three vectors: confidentiality, integrity, and availability. From a confidentiality perspective, an attacker can leverage mutations designed to read documents to extract sensitive data from the host. This includes accessing environment variable files, configuration files containing database credentials, or application source code.

Integrity and availability are compromised through the write and delete mutations. An attacker utilizing the updateDocument mutation can overwrite critical application files. If the attacker targets executable scripts or templating files utilized by the web application, this arbitrary file write primitive can be escalated to Remote Code Execution (RCE). Furthermore, utilizing the deleteDocument mutation against essential system or application files results in a targeted Denial of Service (DoS).

The CVSS v3.1 base score of 6.3 (Medium) reflects the requirement for low-level privileges (PR:L) and the constrained impact on the underlying host system (C:L, I:L, A:L). The attack complexity is low (AC:L) because the vulnerability relies on standard directory traversal techniques without requiring specific race conditions or non-standard configurations. Exploitation leaves direct forensic evidence in GraphQL request logs and file system modification timestamps.

Remediation and Mitigation Strategies

The primary remediation strategy requires updating the @tinacms/graphql package to version 2.1.2 or later. The patch implemented by the maintainers introduces strict boundary validation for all resolved paths during GraphQL mutation processing. Organizations utilizing TinaCMS should verify their dependency trees to ensure no vulnerable versions of the @tinacms/graphql package remain in production environments.

Developers implementing custom file handlers or extending TinaCMS functionality must adopt secure path resolution patterns. The correct approach involves resolving the absolute path of both the base directory and the requested file, followed by a strict prefix check. The following code snippet demonstrates the secure implementation pattern:

const absoluteCollectionRoot = path.resolve(collectionRoot);
const resolvedFilePath = path.resolve(collectionRoot, input.relativePath);
 
if (!resolvedFilePath.startsWith(absoluteCollectionRoot + path.sep)) {
    throw new Error("Path traversal attempt detected");
}

Security teams should deploy detection mechanisms to monitor for exploitation attempts while patches are deployed. Web Application Firewalls (WAF) should be configured to inspect JSON and GraphQL payloads for directory traversal sequences (../, ..\) specifically within arguments mapped to relativePath and newRelativePath. Additionally, application logs should be aggregated and monitored for anomalous file system errors resulting from failed path traversal attempts.