CVE-2026-27202

Summary

GetSimple CMS is a content management system. All versions of GetSimple CMS have a flaw in the Uploaded Files feature that allows for arbitrary file reads. This issue has not been fixed at the time of publication.

Affected Software

VendorProductVersion RangeStatus
GetSimpleCMS-CEGetSimpleCMS-CE<= 3.3.22affected

Weaknesses

  • CWE-23: CWE-23: Relative Path Traversal
  • CWE-22: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References