Description
Typemill before 2.24.0 contains a path traversal vulnerability that allows authenticated attackers with Author-level privileges to read arbitrary files outside the content directory by supplying traversal sequences in the path query parameter passed to Storage::getFile() with an empty folder argument. Attackers can bypass traversal-prevention controls in Storage::getFolderPath() to access sensitive files.
Published: 2026-06-17
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Typemill versions prior to 2.24.0 contain a path traversal flaw (CWE-22) that lets an authenticated user with Author privileges read files outside the content directory. The traversal sequences are supplied in the path query parameter that ControllerApiImage::getPagemedia() passes to Storage::getFile() together with an empty folder argument; the traversal-prevention logic in Storage::getFolderPath() is bypassed in that case, so the resolved path escapes the content directory. The result is disclosure of configuration files, credential files, or any other file the web-server process can read.
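The mechanism described above, as an added illustration that is not Typemill's code: a minimal PHP sketch in which a traversal check guards only the folder argument, so an empty folder plus a traversal-laden path escapes the base directory, beside a hardened variant that canonicalises the combined path and enforces containment. The class, the method bodies, the temporary directory layout and the file names are assumptions made for the demo; only the names getFolderPath()/getFile* echo the advisory, and how Typemill's real check is structured is not shown on this page.

```php
<?php
// Added illustration, not Typemill's code. Reproduces the pattern the advisory
// describes: the folder argument is screened for traversal, but the path
// argument is appended afterwards without being checked against the same base.
declare(strict_types=1);

final class StorageSketch
{
    public function __construct(private string $contentDir) {}

    // Assumed pattern: the traversal check only ever sees the folder component.
    private function getFolderPath(string $folder): string
    {
        if (str_contains($folder, '..') || str_contains($folder, "\0")) {
            throw new RuntimeException('traversal sequence in folder');
        }
        return rtrim($this->contentDir . '/' . ltrim($folder, '/'), '/');
    }

    // Vulnerable: with $folder === '' there is nothing for the check above to
    // reject, and $path is concatenated unchecked.
    public function getFileUnsafe(string $folder, string $path): string|false
    {
        $full = $this->getFolderPath($folder) . '/' . ltrim($path, '/');
        return is_file($full) ? file_get_contents($full) : false;
    }

    // Hardened: canonicalise the combined path and require it to stay under the
    // content directory. realpath() resolves '..' segments and symlinks, and
    // returns false for paths that do not exist.
    public function getFileSafe(string $folder, string $path): string|false
    {
        $base = realpath($this->contentDir);
        $full = realpath($this->getFolderPath($folder) . '/' . ltrim($path, '/'));
        if ($base === false || $full === false) {
            return false;
        }
        if ($full !== $base && !str_starts_with($full, $base . DIRECTORY_SEPARATOR)) {
            return false; // resolved outside the content directory
        }
        return is_file($full) ? file_get_contents($full) : false;
    }
}

// Constructed demo layout: settings.yaml deliberately lives outside content/.
$root = sys_get_temp_dir() . '/tm-demo-' . bin2hex(random_bytes(4));
mkdir("$root/content/pages", 0700, true);
mkdir("$root/settings", 0700, true);
file_put_contents("$root/content/pages/index.md", "# hello\n");
file_put_contents("$root/settings/settings.yaml", "db_password: secret\n");

$s = new StorageSketch("$root/content");
var_dump($s->getFileUnsafe('', 'pages/index.md'));             // legitimate read inside content/
var_dump($s->getFileUnsafe('', '../settings/settings.yaml'));  // empty folder, unchecked path: escapes content/
var_dump($s->getFileSafe('', '../settings/settings.yaml'));    // rejected by the containment check
var_dump($s->getFileSafe('', 'pages/index.md'));               // still served

// Remove the constructed layout.
unlink("$root/content/pages/index.md");
unlink("$root/settings/settings.yaml");
rmdir("$root/content/pages");
rmdir("$root/content");
rmdir("$root/settings");
rmdir($root);
```

The point of the hardened variant is that the containment decision is made on the fully resolved path, after every component has been joined, so it does not matter which argument carried the traversal or how it was encoded.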

Affected Systems

The vulnerability affects the Typemill content management system, specifically all installations of typemill:typemill running a version earlier than 2.24.0. The fix is to upgrade to version 2.24.0 or later.

Risk and Exploitability

The CVSS v4.0 base score is 7.1 (High), with vector AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N: network reachable, low attack complexity, low privileges required, no user interaction, high confidentiality impact and no integrity or availability impact. The CVSS v3.1 score on the same record is 6.5. The EPSS score is below 1%, indicating a very low probability of observed exploitation at this time; the SSVC assessment on the record gives Exploitation: none and Automatable: no; and the issue is not listed in the CISA KEV catalog. An attacker needs a valid Author-level account and a crafted path parameter; because the folder argument is empty, the folder-level validation has nothing to reject and the traversal in the path component goes through.

Generated by OpenCVE AI on June 18, 2026 at 19:57 UTC.

Remediation

No vendor advisory or workaround is recorded on this page; the CVE description identifies 2.24.0 as the first fixed version.

OpenCVE Recommended Actions

  • Upgrade to Typemill 2.24.0 or later to eliminate the path traversal bug
  • Restrict Author privileges to only those users that truly require content creation rights
  • Monitor application logs for requests whose query parameters contain traversal sequences, including URL-encoded forms such as %2e%2e%2f, or other abnormal file-access patterns

Generated by OpenCVE AI on June 18, 2026 at 19:57 UTC.
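The log-monitoring action above, as an added example that is neither OpenCVE's nor Typemill's: a PHP scanner over constructed access-log lines that peels single and double URL encoding before looking for a '..' path segment in any query parameter, so a filename like notes..md is not flagged while an encoded ../../ is. The /api/pagemedia route in the sample lines is a placeholder; the advisory names ControllerApiImage::getPagemedia() but not its URL.

```php
<?php
// Added example, not from OpenCVE or Typemill. Scans combined-format access
// log lines for traversal sequences in query parameters. The log lines are
// constructed and the /api/pagemedia route is hypothetical.
declare(strict_types=1);

// Peel repeated percent-encoding layers so %252e%252e%252f is seen as '../'.
function decodeFully(string $value, int $rounds = 3): string
{
    for ($i = 0; $i < $rounds; $i++) {
        $decoded = rawurldecode($value);
        if ($decoded === $value) {
            break;
        }
        $value = $decoded;
    }
    return $value;
}

// True when the value contains a '..' path segment (after normalising
// backslashes to slashes) or a null byte.
function hasTraversal(string $value): bool
{
    $v = str_replace('\\', '/', decodeFully($value));
    return (bool) preg_match('#(^|/)\.\.(/|$)#', $v) || str_contains($v, "\0");
}

// Returns one record per (request, parameter) pair that carries traversal.
function findTraversalRequests(array $logLines): array
{
    $hits = [];
    foreach ($logLines as $line) {
        if (!preg_match('/^(\S+) .*"(?:GET|POST|PUT|DELETE) (\S+) HTTP\/[\d.]+"/', $line, $m)) {
            continue;
        }
        [, $client, $target] = $m;
        $query = parse_url($target, PHP_URL_QUERY);
        if ($query === null || $query === false) {
            continue;
        }
        parse_str($query, $params); // decodes one encoding layer itself
        foreach ($params as $name => $value) {
            if (is_string($value) && hasTraversal($value)) {
                $hits[] = [
                    'client'  => $client,
                    'request' => $target,
                    'param'   => (string) $name,
                    'decoded' => decodeFully($value),
                ];
            }
        }
    }
    return $hits;
}

// Constructed sample log: one benign request, one plain traversal, one
// double-encoded traversal, and one benign filename containing '..'.
$log = [
    '10.0.0.5 - alice [17/Jun/2026:10:01:02 +0000] "GET /api/pagemedia?path=pages/2026/photo.jpg HTTP/1.1" 200 5120',
    '10.0.0.5 - alice [17/Jun/2026:10:01:09 +0000] "GET /api/pagemedia?path=..%2F..%2Fsettings%2Fsettings.yaml HTTP/1.1" 200 812',
    '10.0.0.9 - bob [17/Jun/2026:10:02:33 +0000] "GET /api/pagemedia?path=%252e%252e%252f%252e%252e%252fsettings.yaml HTTP/1.1" 404 0',
    '10.0.0.7 - carol [17/Jun/2026:10:03:11 +0000] "GET /api/pagemedia?path=pages/notes..md HTTP/1.1" 200 300',
];

foreach (findTraversalRequests($log) as $hit) {
    printf("ALERT client=%s param=%s decoded=%s request=%s\n",
        $hit['client'], $hit['param'], $hit['decoded'], $hit['request']);
}
```

Alert on the decoded value rather than the raw one, and keep the client identity and response status: a 200 on a traversal request is the signal that a file outside the content directory was actually returned, whereas a 404 or 403 only shows that someone probed.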


Advisories

No advisories yet.

History

Thu, 18 Jun 2026 19:45:00 +0000

  Type                 Values removed   Values added
  First Time appeared  -                Typemill; Typemill typemill
  Vendors & Products   -                Typemill; Typemill typemill

Thu, 18 Jun 2026 16:45:00 +0000

  Type                 Values removed   Values added
  Metrics              -                ssvc
                                        {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 18 Jun 2026 04:45:00 +0000

  Type                 Values removed   Values added
  Description          -                Typemill before 2.24.0 contains a path traversal vulnerability that allows authenticated attackers with Author-level privileges to read arbitrary files outside the content directory by supplying traversal sequences in the path query parameter passed to Storage::getFile() with an empty folder argument. Attackers can bypass traversal-prevention controls in Storage::getFolderPath() to access sensitive files.
  Title                -                Typemill < 2.24.0 Path Traversal via ControllerApiImage::getPagemedia()
  Weaknesses           -                CWE-22
  References           -                (none listed)
  Metrics              -                cvssV3_1
                                        {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}
                                        cvssV4_0
                                        {'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-18T12:56:23.621Z

Reserved: 2026-05-27T17:40:12.738Z

Link: CVE-2026-49133

Vulnrichment

Updated: 2026-06-18T12:56:19.430Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-18T20:00:15Z

Weaknesses
  • CWE-22

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')