CVE-2026-27161
Received Received - Intake
Unauthorized Directory Access in GetSimple CMS via .htaccess Bypass

Publication date: 2026-02-21

Last updated on: 2026-02-24

Assigner: GitHub, Inc.

Description
GetSimple CMS is a content management system. All versions of GetSimple CMS rely on .htaccess files to restrict access to sensitive directories such as /data/ and /backups/. If Apache AllowOverride is disabled (common in hardened or shared hosting environments), these protections are silently ignored, allowing unauthenticated attackers to list and download sensitive files including authorization.xml, which contains cryptographic salts and API keys. This issue does not have a fix at the time of publication.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-21
Last Modified
2026-02-24
Generated
2026-06-16
AI Q&A
2026-02-21
EPSS Evaluated
2026-06-15
NVD
CVE-2026-27161
EUVD
EUVD-2026-7750
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
getsimple-ce getsimple_cms to 3.3.22 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-200 The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': "CVE-2026-27161 is a critical unauthenticated information disclosure vulnerability in GetSimple CMS, a PHP-based content management system. The vulnerability occurs because GetSimple CMS relies on Apache's .htaccess files to restrict access to sensitive directories like /data/ and /backups/. However, if the Apache AllowOverride directive is disabled, which is common in hardened or shared hosting environments, these .htaccess protections are silently ignored."}, {'type': 'paragraph', 'content': 'As a result, unauthenticated remote attackers can list directory contents and download sensitive files directly via HTTP requests without any authentication. For example, attackers can access URLs such as /data/, /backups/, and /data/authorization.xml, the latter containing critical secrets like cryptographic salts and API keys.'}] [1]

Impact Analysis

This vulnerability can lead to unauthorized disclosure of sensitive information including user XML files, page content, backup archives, and sensitive credentials such as cryptographic salts and API keys.

The exposure of these secrets can facilitate further attacks such as credential compromise, content tampering, and abuse of APIs, potentially leading to a complete compromise of the affected system.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': "This vulnerability can be detected by attempting to access sensitive directories and files that should be protected by .htaccess restrictions but may be exposed if Apache's AllowOverride directive is disabled."}, {'type': 'list_item', 'content': 'Use HTTP requests or tools like curl or wget to check if directory listings are accessible, for example:'}, {'type': 'list_item', 'content': 'curl -I http://yourserver/data/'}, {'type': 'list_item', 'content': 'curl -I http://yourserver/backups/'}, {'type': 'list_item', 'content': 'curl http://yourserver/data/authorization.xml'}, {'type': 'paragraph', 'content': 'If these commands return directory listings or the contents of sensitive files without authentication, the vulnerability is present.'}] [1]

Mitigation Strategies

Immediate mitigation steps include:

  • Relocate sensitive directories such as /data/ and /backups/ outside of the web root to prevent direct HTTP access.
  • Implement access controls at the application level instead of relying solely on .htaccess files.
  • Validate Apache configuration to ensure the AllowOverride directive is enabled; if it is disabled, the system should fail securely or prevent installation.
  • Add runtime checks in the application to prevent serving sensitive files regardless of server settings.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-27161. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart