CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-33949

Tina is a headless content management system. Prior to version 2.2.2, a path traversal vulnerability in @tinacms/graphql allows unauthenticated users to write and overwrite arbitrary files within the project root. This is achieved by manipulating the relativePath parameter in GraphQL mutations. The impact includes the ability to replace critical server configuration files and potentially execute arbitrary commands by sabotaging build script. This issue has been patched in version 2.2.2.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 34.1%

CVSS Severity

CVSS v3 Score 8.1

References

https://github.com/tinacms/tinacms/security/advisories/GHSA-v9p7-gf3q-h779

Products affected by CVE-2026-33949

Ssw » Tinacms/graphql » Version: 0.56.1

cpe:2.3:a:ssw:tinacms/graphql:0.56.1
Ssw » Tinacms/graphql » Version: 0.57.0

cpe:2.3:a:ssw:tinacms/graphql:0.57.0
Ssw » Tinacms/graphql » Version: 0.57.1

cpe:2.3:a:ssw:tinacms/graphql:0.57.1
Ssw » Tinacms/graphql » Version: 0.57.2

cpe:2.3:a:ssw:tinacms/graphql:0.57.2
Ssw » Tinacms/graphql » Version: 0.58.0

cpe:2.3:a:ssw:tinacms/graphql:0.58.0
Ssw » Tinacms/graphql » Version: 0.58.2

cpe:2.3:a:ssw:tinacms/graphql:0.58.2
Ssw » Tinacms/graphql » Version: 0.59.0

cpe:2.3:a:ssw:tinacms/graphql:0.59.0
Ssw » Tinacms/graphql » Version: 0.59.1

cpe:2.3:a:ssw:tinacms/graphql:0.59.1
Ssw » Tinacms/graphql » Version: 0.59.10

cpe:2.3:a:ssw:tinacms/graphql:0.59.10
Ssw » Tinacms/graphql » Version: 0.59.11

cpe:2.3:a:ssw:tinacms/graphql:0.59.11
Ssw » Tinacms/graphql » Version: 0.59.2

cpe:2.3:a:ssw:tinacms/graphql:0.59.2
Ssw » Tinacms/graphql » Version: 0.59.3

cpe:2.3:a:ssw:tinacms/graphql:0.59.3
Ssw » Tinacms/graphql » Version: 0.59.4

cpe:2.3:a:ssw:tinacms/graphql:0.59.4
Ssw » Tinacms/graphql » Version: 0.59.5

cpe:2.3:a:ssw:tinacms/graphql:0.59.5
Ssw » Tinacms/graphql » Version: 0.59.6

cpe:2.3:a:ssw:tinacms/graphql:0.59.6
Ssw » Tinacms/graphql » Version: 0.59.7

cpe:2.3:a:ssw:tinacms/graphql:0.59.7
Ssw » Tinacms/graphql » Version: 0.59.8

cpe:2.3:a:ssw:tinacms/graphql:0.59.8
Ssw » Tinacms/graphql » Version: 0.59.9

cpe:2.3:a:ssw:tinacms/graphql:0.59.9
Ssw » Tinacms/graphql » Version: 0.60.0

cpe:2.3:a:ssw:tinacms/graphql:0.60.0
Ssw » Tinacms/graphql » Version: 0.60.1

cpe:2.3:a:ssw:tinacms/graphql:0.60.1
Ssw » Tinacms/graphql » Version: 0.60.2

cpe:2.3:a:ssw:tinacms/graphql:0.60.2
Ssw » Tinacms/graphql » Version: 0.60.3

cpe:2.3:a:ssw:tinacms/graphql:0.60.3
Ssw » Tinacms/graphql » Version: 0.60.4

cpe:2.3:a:ssw:tinacms/graphql:0.60.4
Ssw » Tinacms/graphql » Version: 0.60.5

cpe:2.3:a:ssw:tinacms/graphql:0.60.5
Ssw » Tinacms/graphql » Version: 0.60.6

cpe:2.3:a:ssw:tinacms/graphql:0.60.6
Ssw » Tinacms/graphql » Version: 0.60.7

cpe:2.3:a:ssw:tinacms/graphql:0.60.7
Ssw » Tinacms/graphql » Version: 0.60.8

cpe:2.3:a:ssw:tinacms/graphql:0.60.8
Ssw » Tinacms/graphql » Version: 0.61.0

cpe:2.3:a:ssw:tinacms/graphql:0.61.0
Ssw » Tinacms/graphql » Version: 0.61.1

cpe:2.3:a:ssw:tinacms/graphql:0.61.1
Ssw » Tinacms/graphql » Version: 0.61.2

cpe:2.3:a:ssw:tinacms/graphql:0.61.2
Ssw » Tinacms/graphql » Version: 0.61.3

cpe:2.3:a:ssw:tinacms/graphql:0.61.3
Ssw » Tinacms/graphql » Version: 0.61.4

cpe:2.3:a:ssw:tinacms/graphql:0.61.4
Ssw » Tinacms/graphql » Version: 0.61.5

cpe:2.3:a:ssw:tinacms/graphql:0.61.5
Ssw » Tinacms/graphql » Version: 0.61.6

cpe:2.3:a:ssw:tinacms/graphql:0.61.6
Ssw » Tinacms/graphql » Version: 0.61.7

cpe:2.3:a:ssw:tinacms/graphql:0.61.7
Ssw » Tinacms/graphql » Version: 0.62.0

cpe:2.3:a:ssw:tinacms/graphql:0.62.0
Ssw » Tinacms/graphql » Version: 0.62.1

cpe:2.3:a:ssw:tinacms/graphql:0.62.1
Ssw » Tinacms/graphql » Version: 0.63.0

cpe:2.3:a:ssw:tinacms/graphql:0.63.0
Ssw » Tinacms/graphql » Version: 0.63.1

cpe:2.3:a:ssw:tinacms/graphql:0.63.1
Ssw » Tinacms/graphql » Version: 0.63.10

cpe:2.3:a:ssw:tinacms/graphql:0.63.10
Ssw » Tinacms/graphql » Version: 0.63.11

cpe:2.3:a:ssw:tinacms/graphql:0.63.11
Ssw » Tinacms/graphql » Version: 0.63.12

cpe:2.3:a:ssw:tinacms/graphql:0.63.12
Ssw » Tinacms/graphql » Version: 0.63.13

cpe:2.3:a:ssw:tinacms/graphql:0.63.13
Ssw » Tinacms/graphql » Version: 0.63.14

cpe:2.3:a:ssw:tinacms/graphql:0.63.14
Ssw » Tinacms/graphql » Version: 0.63.15

cpe:2.3:a:ssw:tinacms/graphql:0.63.15
Ssw » Tinacms/graphql » Version: 0.63.16

cpe:2.3:a:ssw:tinacms/graphql:0.63.16
Ssw » Tinacms/graphql » Version: 0.63.17

cpe:2.3:a:ssw:tinacms/graphql:0.63.17
Ssw » Tinacms/graphql » Version: 0.63.18

cpe:2.3:a:ssw:tinacms/graphql:0.63.18
Ssw » Tinacms/graphql » Version: 0.63.19

cpe:2.3:a:ssw:tinacms/graphql:0.63.19
Ssw » Tinacms/graphql » Version: 0.63.2

cpe:2.3:a:ssw:tinacms/graphql:0.63.2
Ssw » Tinacms/graphql » Version: 0.63.20

cpe:2.3:a:ssw:tinacms/graphql:0.63.20
Ssw » Tinacms/graphql » Version: 0.63.3

cpe:2.3:a:ssw:tinacms/graphql:0.63.3
Ssw » Tinacms/graphql » Version: 0.63.4

cpe:2.3:a:ssw:tinacms/graphql:0.63.4
Ssw » Tinacms/graphql » Version: 0.63.5

cpe:2.3:a:ssw:tinacms/graphql:0.63.5
Ssw » Tinacms/graphql » Version: 0.63.6

cpe:2.3:a:ssw:tinacms/graphql:0.63.6
Ssw » Tinacms/graphql » Version: 0.63.7

cpe:2.3:a:ssw:tinacms/graphql:0.63.7
Ssw » Tinacms/graphql » Version: 0.63.8

cpe:2.3:a:ssw:tinacms/graphql:0.63.8
Ssw » Tinacms/graphql » Version: 0.63.9

cpe:2.3:a:ssw:tinacms/graphql:0.63.9
Ssw » Tinacms/graphql » Version: 1.0.0

cpe:2.3:a:ssw:tinacms/graphql:1.0.0
Ssw » Tinacms/graphql » Version: 1.0.1

cpe:2.3:a:ssw:tinacms/graphql:1.0.1
Ssw » Tinacms/graphql » Version: 1.0.2

cpe:2.3:a:ssw:tinacms/graphql:1.0.2
Ssw » Tinacms/graphql » Version: 1.0.3

cpe:2.3:a:ssw:tinacms/graphql:1.0.3
Ssw » Tinacms/graphql » Version: 1.0.4

cpe:2.3:a:ssw:tinacms/graphql:1.0.4
Ssw » Tinacms/graphql » Version: 1.0.5

cpe:2.3:a:ssw:tinacms/graphql:1.0.5
Ssw » Tinacms/graphql » Version: 1.1.0

cpe:2.3:a:ssw:tinacms/graphql:1.1.0
Ssw » Tinacms/graphql » Version: 1.2.0

cpe:2.3:a:ssw:tinacms/graphql:1.2.0
Ssw » Tinacms/graphql » Version: 1.3.0

cpe:2.3:a:ssw:tinacms/graphql:1.3.0
Ssw » Tinacms/graphql » Version: 1.3.1

cpe:2.3:a:ssw:tinacms/graphql:1.3.1
Ssw » Tinacms/graphql » Version: 1.3.2

cpe:2.3:a:ssw:tinacms/graphql:1.3.2
Ssw » Tinacms/graphql » Version: 1.3.3

cpe:2.3:a:ssw:tinacms/graphql:1.3.3
Ssw » Tinacms/graphql » Version: 1.3.4

cpe:2.3:a:ssw:tinacms/graphql:1.3.4
Ssw » Tinacms/graphql » Version: 1.3.5

cpe:2.3:a:ssw:tinacms/graphql:1.3.5
Ssw » Tinacms/graphql » Version: 1.4.0

cpe:2.3:a:ssw:tinacms/graphql:1.4.0
Ssw » Tinacms/graphql » Version: 1.4.1

cpe:2.3:a:ssw:tinacms/graphql:1.4.1
Ssw » Tinacms/graphql » Version: 1.4.10

cpe:2.3:a:ssw:tinacms/graphql:1.4.10
Ssw » Tinacms/graphql » Version: 1.4.11

cpe:2.3:a:ssw:tinacms/graphql:1.4.11
Ssw » Tinacms/graphql » Version: 1.4.12

cpe:2.3:a:ssw:tinacms/graphql:1.4.12
Ssw » Tinacms/graphql » Version: 1.4.13

cpe:2.3:a:ssw:tinacms/graphql:1.4.13
Ssw » Tinacms/graphql » Version: 1.4.14

cpe:2.3:a:ssw:tinacms/graphql:1.4.14
Ssw » Tinacms/graphql » Version: 1.4.15

cpe:2.3:a:ssw:tinacms/graphql:1.4.15
Ssw » Tinacms/graphql » Version: 1.4.16

cpe:2.3:a:ssw:tinacms/graphql:1.4.16
Ssw » Tinacms/graphql » Version: 1.4.17

cpe:2.3:a:ssw:tinacms/graphql:1.4.17
Ssw » Tinacms/graphql » Version: 1.4.18

cpe:2.3:a:ssw:tinacms/graphql:1.4.18
Ssw » Tinacms/graphql » Version: 1.4.19

cpe:2.3:a:ssw:tinacms/graphql:1.4.19
Ssw » Tinacms/graphql » Version: 1.4.2

cpe:2.3:a:ssw:tinacms/graphql:1.4.2
Ssw » Tinacms/graphql » Version: 1.4.20

cpe:2.3:a:ssw:tinacms/graphql:1.4.20
Ssw » Tinacms/graphql » Version: 1.4.21

cpe:2.3:a:ssw:tinacms/graphql:1.4.21
Ssw » Tinacms/graphql » Version: 1.4.22

cpe:2.3:a:ssw:tinacms/graphql:1.4.22
Ssw » Tinacms/graphql » Version: 1.4.23

cpe:2.3:a:ssw:tinacms/graphql:1.4.23
Ssw » Tinacms/graphql » Version: 1.4.24

cpe:2.3:a:ssw:tinacms/graphql:1.4.24
Ssw » Tinacms/graphql » Version: 1.4.25

cpe:2.3:a:ssw:tinacms/graphql:1.4.25
Ssw » Tinacms/graphql » Version: 1.4.26

cpe:2.3:a:ssw:tinacms/graphql:1.4.26
Ssw » Tinacms/graphql » Version: 1.4.27

cpe:2.3:a:ssw:tinacms/graphql:1.4.27
Ssw » Tinacms/graphql » Version: 1.4.28

cpe:2.3:a:ssw:tinacms/graphql:1.4.28
Ssw » Tinacms/graphql » Version: 1.4.29

cpe:2.3:a:ssw:tinacms/graphql:1.4.29
Ssw » Tinacms/graphql » Version: 1.4.3

cpe:2.3:a:ssw:tinacms/graphql:1.4.3
Ssw » Tinacms/graphql » Version: 1.4.30

cpe:2.3:a:ssw:tinacms/graphql:1.4.30
Ssw » Tinacms/graphql » Version: 1.4.31

cpe:2.3:a:ssw:tinacms/graphql:1.4.31
Ssw » Tinacms/graphql » Version: 1.4.32

cpe:2.3:a:ssw:tinacms/graphql:1.4.32
Ssw » Tinacms/graphql » Version: 1.4.33

cpe:2.3:a:ssw:tinacms/graphql:1.4.33
Ssw » Tinacms/graphql » Version: 1.4.34

cpe:2.3:a:ssw:tinacms/graphql:1.4.34
Ssw » Tinacms/graphql » Version: 1.4.35

cpe:2.3:a:ssw:tinacms/graphql:1.4.35
Ssw » Tinacms/graphql » Version: 1.4.4

cpe:2.3:a:ssw:tinacms/graphql:1.4.4
Ssw » Tinacms/graphql » Version: 1.4.5

cpe:2.3:a:ssw:tinacms/graphql:1.4.5
Ssw » Tinacms/graphql » Version: 1.4.6

cpe:2.3:a:ssw:tinacms/graphql:1.4.6
Ssw » Tinacms/graphql » Version: 1.4.7

cpe:2.3:a:ssw:tinacms/graphql:1.4.7
Ssw » Tinacms/graphql » Version: 1.4.8

cpe:2.3:a:ssw:tinacms/graphql:1.4.8
Ssw » Tinacms/graphql » Version: 1.4.9

cpe:2.3:a:ssw:tinacms/graphql:1.4.9
Ssw » Tinacms/graphql » Version: 1.5.10

cpe:2.3:a:ssw:tinacms/graphql:1.5.10
Ssw » Tinacms/graphql » Version: 1.5.11

cpe:2.3:a:ssw:tinacms/graphql:1.5.11
Ssw » Tinacms/graphql » Version: 1.5.12

cpe:2.3:a:ssw:tinacms/graphql:1.5.12
Ssw » Tinacms/graphql » Version: 1.5.13

cpe:2.3:a:ssw:tinacms/graphql:1.5.13
Ssw » Tinacms/graphql » Version: 1.5.14

cpe:2.3:a:ssw:tinacms/graphql:1.5.14
Ssw » Tinacms/graphql » Version: 1.5.16

cpe:2.3:a:ssw:tinacms/graphql:1.5.16
Ssw » Tinacms/graphql » Version: 1.5.17

cpe:2.3:a:ssw:tinacms/graphql:1.5.17
Ssw » Tinacms/graphql » Version: 1.5.18

cpe:2.3:a:ssw:tinacms/graphql:1.5.18
Ssw » Tinacms/graphql » Version: 1.5.19

cpe:2.3:a:ssw:tinacms/graphql:1.5.19
Ssw » Tinacms/graphql » Version: 1.5.3

cpe:2.3:a:ssw:tinacms/graphql:1.5.3
Ssw » Tinacms/graphql » Version: 1.5.4

cpe:2.3:a:ssw:tinacms/graphql:1.5.4
Ssw » Tinacms/graphql » Version: 1.5.5

cpe:2.3:a:ssw:tinacms/graphql:1.5.5
Ssw » Tinacms/graphql » Version: 1.5.6

cpe:2.3:a:ssw:tinacms/graphql:1.5.6
Ssw » Tinacms/graphql » Version: 1.5.7

cpe:2.3:a:ssw:tinacms/graphql:1.5.7
Ssw » Tinacms/graphql » Version: 1.5.8

cpe:2.3:a:ssw:tinacms/graphql:1.5.8
Ssw » Tinacms/graphql » Version: 1.5.9

cpe:2.3:a:ssw:tinacms/graphql:1.5.9
Ssw » Tinacms/graphql » Version: 1.6.0

cpe:2.3:a:ssw:tinacms/graphql:1.6.0
Ssw » Tinacms/graphql » Version: 1.6.1

cpe:2.3:a:ssw:tinacms/graphql:1.6.1
Ssw » Tinacms/graphql » Version: 1.6.2

cpe:2.3:a:ssw:tinacms/graphql:1.6.2
Ssw » Tinacms/graphql » Version: 1.6.3

cpe:2.3:a:ssw:tinacms/graphql:1.6.3
Ssw » Tinacms/graphql » Version: 2.0.0

cpe:2.3:a:ssw:tinacms/graphql:2.0.0
Ssw » Tinacms/graphql » Version: 2.0.1

cpe:2.3:a:ssw:tinacms/graphql:2.0.1
Ssw » Tinacms/graphql » Version: 2.0.2

cpe:2.3:a:ssw:tinacms/graphql:2.0.2
Ssw » Tinacms/graphql » Version: 2.0.3

cpe:2.3:a:ssw:tinacms/graphql:2.0.3
Ssw » Tinacms/graphql » Version: 2.0.4

cpe:2.3:a:ssw:tinacms/graphql:2.0.4
Ssw » Tinacms/graphql » Version: 2.0.5

cpe:2.3:a:ssw:tinacms/graphql:2.0.5
Ssw » Tinacms/graphql » Version: 2.0.6

cpe:2.3:a:ssw:tinacms/graphql:2.0.6
Ssw » Tinacms/graphql » Version: 2.1.0

cpe:2.3:a:ssw:tinacms/graphql:2.1.0
Ssw » Tinacms/graphql » Version: 2.1.1

cpe:2.3:a:ssw:tinacms/graphql:2.1.1
Ssw » Tinacms/graphql » Version: 2.1.2

cpe:2.3:a:ssw:tinacms/graphql:2.1.2
Ssw » Tinacms/graphql » Version: 2.1.3

cpe:2.3:a:ssw:tinacms/graphql:2.1.3
Ssw » Tinacms/graphql » Version: 2.1.4

cpe:2.3:a:ssw:tinacms/graphql:2.1.4
Ssw » Tinacms/graphql » Version: 2.2.0

cpe:2.3:a:ssw:tinacms/graphql:2.2.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-33949

Products

Pricing

Contact Us