Description
A security vulnerability has been detected in Textpattern up to 4.9.1. Affected by this vulnerability is the function mt_uploadImage of the file rpc/TXP_RPCServer.php of the component XML-RPC Handler. The manipulation of the argument file.name leads to path traversal. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor confirmed the issue and will provide a fix in the upcoming release.
Published: 2026-04-02
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Remote Arbitrary File Write via XML-RPC
Action: Patch
AI Analysis

Impact

Textpattern CMS contains a path-traversal flaw in its XML-RPC handler's mt_uploadImage function. A crafted file.name argument can cause the server to write files outside the designated upload folder. This allows the attacker to create or modify arbitrary files, potentially including executable code, thereby enabling remote code execution. The vulnerability can be reached through the publicly exposed XML-RPC endpoint.

Affected Systems

Textpattern CMS versions 4.9.1 and earlier are affected. The flaw exists across all platforms where the vulnerable PHP script is deployed beneath the web root, and it impacts installations that expose the XML-RPC interface for image uploads. Versions newer than 4.9.1 are not known to be affected.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity. No EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog. A publicly available exploit demonstrates that attackers can successfully carry out the attack, indicating that the path traversal can be exercised remotely. Because authentication requirements are not specified, the attack vector is assumed to be accessible from the public network via the XML-RPC interface, with no mandatory credentials inferred from the description.

Generated by OpenCVE AI on April 2, 2026 at 17:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor patch as soon as it is released.
  • If the XML‑RPC interface is not required, disable it or restrict access to authorized users.
  • Restrict file system permissions on the upload directory to prevent writes outside the intended directory.
  • Monitor the upload directory and server logs for unexpected files or activity.
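As an added illustration of the control the analysis above implies, the following PHP function confines a client-supplied upload name to the upload directory. This is example code written for this page, not Textpattern's code, and it does not reproduce rpc/TXP_RPCServer.php; the directory path, the allowed extensions and the sample names are assumptions constructed for the demonstration.

```php
<?php
// Added example for this page: a defender-side check that confines an
// uploaded file's name to the upload directory. It is NOT Textpattern's code
// and does not reproduce rpc/TXP_RPCServer.php; the directory, the allowed
// extensions and the sample names below are assumptions for illustration.

/**
 * Return an absolute destination path inside $uploadDir for the client-
 * supplied name, or null if the name cannot be placed there safely.
 */
function safe_upload_path(string $uploadDir, string $clientName): ?string
{
    // The upload directory must already exist; realpath() also resolves
    // symlinks so the containment check below compares canonical paths.
    $base = realpath($uploadDir);
    if ($base === false || !is_dir($base)) {
        return null;
    }

    // Reject any separator or NUL byte instead of stripping them: "../",
    // "..\" and absolute paths are the CWE-22 pattern behind this CVE, and
    // a NUL byte has no place in a file name.
    if (strpbrk($clientName, "/\\\0") !== false) {
        return null;
    }

    // Restrict what remains to a conservative character set and length.
    // The leading character must be alphanumeric, which also rejects "..",
    // "." and dot-files such as ".htaccess".
    $name = basename($clientName);
    if (!preg_match('/^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$/', $name)) {
        return null;
    }

    // An image endpoint should only accept image extensions; this stops a
    // traversal-free but still unwanted name such as "script.php".
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if (!in_array($ext, ['jpg', 'jpeg', 'png', 'gif', 'webp'], true)) {
        return null;
    }

    $target = $base . DIRECTORY_SEPARATOR . $name;

    // Belt and braces: the destination's parent must resolve to the upload
    // directory itself. The file need not exist yet; its parent does.
    if (realpath(dirname($target)) !== $base) {
        return null;
    }
    return $target;
}

// Constructed sample inputs (not taken from the advisory).
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'upload_check_example';
if (!is_dir($dir)) {
    mkdir($dir, 0700);
}
$samples = ['photo.png', '../../outside.png', 'sub/photo.png', "photo.png\0.txt", '..', 'script.php', '.hidden.png'];
foreach ($samples as $name) {
    $path = safe_upload_path($dir, $name);
    printf("%-28s => %s\n", json_encode($name), $path === null ? 'REJECTED' : 'ok: ' . $path);
}
```

Only the first sample is accepted. The separator rejection and the final realpath() containment check are what address CWE-22; the extension allow-list is a separate control for an image endpoint and does not by itself prevent traversal.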

Generated by OpenCVE AI on April 2, 2026 at 17:21 UTC.

Advisories

No advisories yet.

History

Thu, 02 Apr 2026 20:30:00 +0000

Type: Metrics
Values Removed: (none)
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 02 Apr 2026 15:15:00 +0000

Type: Description
Values Removed: (none)
Values Added: A security vulnerability has been detected in Textpattern up to 4.9.1. Affected by this vulnerability is the function mt_uploadImage of the file rpc/TXP_RPCServer.php of the component XML-RPC Handler. The manipulation of the argument file.name leads to path traversal. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor confirmed the issue and will provide a fix in the upcoming release.

Type: Title
Values Removed: (none)
Values Added: Textpattern XML-RPC TXP_RPCServer.php mt_uploadImage path traversal

Type: First Time appeared
Values Removed: (none)
Values Added: Textpattern; Textpattern textpattern

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-22

Type: CPEs
Values Removed: (none)
Values Added: cpe:2.3:a:textpattern:textpattern:*:*:*:*:*:*:*:*

Type: Vendors & Products
Values Removed: (none)
Values Added: Textpattern; Textpattern textpattern

Type: References
Values Removed: (none)
Values Added:

Type: Metrics
Values Removed: (none)
Values Added:
cvssV2_0 {'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:C'}
cvssV3_0 {'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C'}
cvssV3_1 {'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C'}
cvssV4_0 {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-02T15:24:37.898Z

Reserved: 2026-04-01T15:57:11.072Z

Link: CVE-2026-5344

Vulnrichment

Updated: 2026-04-02T15:24:33.655Z

NVD

Status: Awaiting Analysis

Published: 2026-04-02T15:16:53.613

Modified: 2026-04-03T16:10:23.730

Link: CVE-2026-5344

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-02T20:20:54Z

Weaknesses