Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.
6.0

Camaleon CMS allows unauthorized access to server files via S3 uploader

CVE-2026-1776 GHSA-jw5g-f64p-6x78
Summary

Camaleon CMS versions 2.4.5.0 to 2.9.1 have a security weakness that allows users to access sensitive files on the server. This is a concern because it could allow an attacker to access confidential information. To protect your site, update to a newer version of Camaleon CMS.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software
VendorProductAffected versionsFix available
camaleon_cms > 2.4.5.0 , <= 2.9.1
Original title
Camaleon CMS vulnerable to Path Traversal through AWS S3 uploader implementation
Original description
Camaleon CMS versions 2.4.5.0 through 2.9.1, prior to commit f54a77e, contain a path traversal vulnerability in the AWS S3 uploader implementation that allows authenticated users to read arbitrary files from the web server’s filesystem. The issue occurs in the download_private_file functionality when the application is configured to use the CamaleonCmsAwsUploader backend. Unlike the local uploader implementation, the AWS uploader does not validate file paths with valid_folder_path?, allowing directory traversal sequences to be supplied via the file parameter. As a result, any authenticated user, including low-privileged registered users, can access sensitive files such as /etc/passwd. This issue represents a bypass of the incomplete fix for CVE-2024-46987 and affects deployments using the AWS S3 storage backend.
nvd CVSS4.0 6.0
Vulnerability type
CWE-22 Path Traversal
Published: 10 Mar 2026 · Updated: 14 Mar 2026 · First seen: 10 Mar 2026