CVE-2026-45233
Deferred Deferred - Pending Action
Path Traversal in HTMLy CMS

Publication date: 2026-06-25

Last updated on: 2026-06-25

Assigner: VulnCheck

Description
HTMLy CMS through 3.1.1 contains a path traversal vulnerability that allows low-privileged authenticated attackers to relocate arbitrary files by supplying directory traversal sequences in the oldfile parameter at the admin autosave endpoint. Attackers can pass unsanitized traversal sequences directly to file_exists() and rename() functions in admin.php without canonicalization or directory boundary enforcement to cause unintended relocation of any file writable by the web server process to an attacker-specified draft location.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-25
Last Modified
2026-06-25
Generated
2026-06-26
AI Q&A
2026-06-25
EPSS Evaluated
N/A
NVD
CVE-2026-45233
EUVD
EUVD-2026-39459
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
htmly cms 3.1.1
htmly cms to 3.1.1 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-45233 is a path traversal vulnerability in HTMLy CMS version 3.1.1 that affects the autosave feature in the admin panel. It allows low-privileged authenticated attackers to manipulate the oldfile parameter by supplying directory traversal sequences (like "../"). This parameter is used directly in filesystem functions such as file_exists() and rename() without proper validation or path canonicalization.

Because the application does not restrict or sanitize these paths, attackers can relocate arbitrary files writable by the web server process to attacker-specified locations, potentially outside the intended directories.

This can lead to unauthorized file modifications, content corruption, or interference with other users' files.

Impact Analysis

This vulnerability can have several impacts including unauthorized relocation or modification of files writable by the web server process.

  • Potential denial of service by corrupting or interfering with critical files.
  • Corruption or loss of content managed by the CMS.
  • Interference with other users' files or data integrity.

Overall, it poses a high risk to application integrity and availability.

Detection Guidance

Detection of this vulnerability involves identifying attempts to exploit the path traversal in the oldfile parameter at the /admin/autosave endpoint. Monitoring web server logs for requests containing directory traversal sequences such as "../" in the oldfile parameter can indicate exploitation attempts.

You can use commands to search your web server access logs for suspicious requests. For example, using grep on Linux systems:

  • grep -i 'oldfile=.*\.\./' /var/log/apache2/access.log
  • grep -i 'oldfile=.*\.\./' /var/log/nginx/access.log

Additionally, you can use intrusion detection systems or web application firewalls (WAFs) to detect and alert on such directory traversal patterns targeting the /admin/autosave endpoint.

Mitigation Strategies

Immediate mitigation steps include restricting access to the /admin/autosave endpoint to trusted users only and applying input validation to sanitize the oldfile parameter.

Specifically, the application should be updated or patched to canonicalize file paths using functions like realpath(), enforce directory boundary restrictions, and validate file ownership before performing file operations.

If a patch is not yet available, consider implementing web application firewall rules to block requests containing directory traversal sequences (e.g., "../") in the oldfile parameter.

Also, review and restrict file permissions to minimize writable files by the web server process to reduce the impact of potential exploitation.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-45233. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart