CVE-2026-27161
Unauthorized Directory Access in GetSimple CMS via .htaccess Bypass
Publication date: 2026-02-21
Last updated on: 2026-02-24
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| getsimple-ce | getsimple_cms | to 3.3.22 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': "CVE-2026-27161 is a critical unauthenticated information disclosure vulnerability in GetSimple CMS, a PHP-based content management system. The vulnerability occurs because GetSimple CMS relies on Apache's .htaccess files to restrict access to sensitive directories like /data/ and /backups/. However, if the Apache AllowOverride directive is disabled, which is common in hardened or shared hosting environments, these .htaccess protections are silently ignored."}, {'type': 'paragraph', 'content': 'As a result, unauthenticated remote attackers can list directory contents and download sensitive files directly via HTTP requests without any authentication. For example, attackers can access URLs such as /data/, /backups/, and /data/authorization.xml, the latter containing critical secrets like cryptographic salts and API keys.'}] [1]
How can this vulnerability impact me? :
This vulnerability can lead to unauthorized disclosure of sensitive information including user XML files, page content, backup archives, and sensitive credentials such as cryptographic salts and API keys.
The exposure of these secrets can facilitate further attacks such as credential compromise, content tampering, and abuse of APIs, potentially leading to a complete compromise of the affected system.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': "This vulnerability can be detected by attempting to access sensitive directories and files that should be protected by .htaccess restrictions but may be exposed if Apache's AllowOverride directive is disabled."}, {'type': 'list_item', 'content': 'Use HTTP requests or tools like curl or wget to check if directory listings are accessible, for example:'}, {'type': 'list_item', 'content': 'curl -I http://yourserver/data/'}, {'type': 'list_item', 'content': 'curl -I http://yourserver/backups/'}, {'type': 'list_item', 'content': 'curl http://yourserver/data/authorization.xml'}, {'type': 'paragraph', 'content': 'If these commands return directory listings or the contents of sensitive files without authentication, the vulnerability is present.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include:
- Relocate sensitive directories such as /data/ and /backups/ outside of the web root to prevent direct HTTP access.
- Implement access controls at the application level instead of relying solely on .htaccess files.
- Validate Apache configuration to ensure the AllowOverride directive is enabled; if it is disabled, the system should fail securely or prevent installation.
- Add runtime checks in the application to prevent serving sensitive files regardless of server settings.