CVE-2026-49133
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk26th percentile — higher than 26% of all known CVEs
Summary
Typemill before 2.24.0 contains a path traversal vulnerability that allows authenticated attackers with Author-level privileges to read arbitrary files outside the content directory by supplying traversal sequences in the path query parameter passed to Storage::getFile() with an empty folder argument.
Risk Assessment
This vulnerability allows access to sensitive files, which may lead to data exposure and privacy breaches for the organization.
Recommendation
It is recommended to update Typemill to version 2.24.0 or later to mitigate this vulnerability and review the permissions of users with Author-level access.
Original NVD description (English source)
Typemill before 2.24.0 contains a path traversal vulnerability that allows authenticated attackers with Author-level privileges to read arbitrary files outside the content directory by supplying traversal sequences in the path query parameter passed to Storage::getFile() with an empty folder argument. Attackers can bypass traversal-prevention controls in Storage::getFolderPath() to access sensitive files.

