CVE-2026-45233
HighCVSS 8.1Exploitation Probability (EPSS)
Low risk43th percentile — higher than 43% of all known CVEs
Summary
HTMLy CMS version 3.1.1 contains a path traversal vulnerability that allows low-privileged authenticated attackers to relocate arbitrary files by supplying directory traversal sequences in the oldfile parameter at the admin autosave endpoint.
Risk Assessment
Attackers can exploit this vulnerability to relocate files writable by the web server process, potentially leading to unauthorized access to sensitive data.
Recommendation
It is recommended to update HTMLy CMS to the latest version to mitigate this vulnerability and implement additional safeguards against path traversal.
Original NVD description (English source)
HTMLy CMS through 3.1.1 contains a path traversal vulnerability that allows low-privileged authenticated attackers to relocate arbitrary files by supplying directory traversal sequences in the oldfile parameter at the admin autosave endpoint. Attackers can pass unsanitized traversal sequences directly to file_exists() and rename() functions in admin.php without canonicalization or directory boundary enforcement to cause unintended relocation of any file writable by the web server process to an attacker-specified draft location.

