CVE-2026-45233

HIGH 8.1

HTMLy CMS 3.1.1 Path Traversal via oldfile Parameter in Autosave

CVSS Score

8.1

EPSS Score

0.0%

EPSS Percentile

0th

HTMLy CMS through 3.1.1 contains a path traversal vulnerability that allows low-privileged authenticated attackers to relocate arbitrary files by supplying directory traversal sequences in the oldfile parameter at the admin autosave endpoint. Attackers can pass unsanitized traversal sequences directly to file_exists() and rename() functions in admin.php without canonicalization or directory boundary enforcement to cause unintended relocation of any file writable by the web server process to an attacker-specified draft location.

CWE	CWE-22
Vendor	danpros
Product	htmly
Published	Jun 25, 2026
Last Updated	Jun 25, 2026

Stay Ahead of the Next One

Get instant alerts for danpros htmly

Be the first to know when new high vulnerabilities affecting danpros htmly are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

High

Affected Versions

danpros / htmly

0 ≤ 3.1.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

gist.github.com: https://gist.github.com/mrgr4yhat/c4df971eafa272ac8c86c15e2829b7fe vulncheck.com: https://www.vulncheck.com/advisories/htmly-cms-path-traversal-via-oldfile-parameter-in-autosave

Credits

Midhun Mohanan