CVE-2026-5344

MEDIUM 6.3

Textpattern XML-RPC TXP_RPCServer.php mt_uploadImage path traversal

CVSS Score

6.3

EPSS Score

0.0%

EPSS Percentile

0th

A security vulnerability has been detected in Textpattern up to 4.9.1. Affected by this vulnerability is the function mt_uploadImage of the file rpc/TXP_RPCServer.php of the component XML-RPC Handler. The manipulation of the argument file.name leads to path traversal. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor confirmed the issue and will provide a fix in the upcoming release.

CWE	CWE-22
Vendor	n/a
Product	textpattern
Published	Apr 2, 2026
Last Updated	Apr 2, 2026

Stay Ahead of the Next One

Get instant alerts for n/a textpattern

Be the first to know when new medium vulnerabilities affecting n/a textpattern are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

n/a / Textpattern

4.9.0 4.9.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/vuln/354696 vuldb.com: https://vuldb.com/vuln/354696/cti vuldb.com: https://vuldb.com/submit/769166 github.com: https://github.com/LTX-GOD/Mycve/blob/main/Textpatterncms_en.md

Credits

🔍 zsmaaa (VulDB User) VulDB CNA Team