GetSimple CMS: Uploaded Files (feature) Arbitrary File Read Vulnerability

8.8 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/

Description

GetSimple CMS is a content management system. All versions of GetSimple CMS have a flaw in the Uploaded Files feature that allows for arbitrary file reads. This issue has not been fixed at the time of publication.

AI Analysis

Arbitrary file read vulnerability in the Uploaded Files feature of GetSimple CMS

Basic Information

ID CVE-2026-27202

Source GitHub_M

Published Feb 20, 2026 at 23:26

Affected Product

Vendor GetSimpleCMS-CE

Product GetSimpleCMS-CE

Version <= 3.3.22

Affected Versions GetSimpleCMS-CE GetSimpleCMS-CE <= 3.3.22

CWE Classification

CWE-23 CWE-22

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor GetSimpleCMS-CE

Product GetSimple CMS

Version <= 3.3.22

References

github.com /GetSimpleCMS-CE/GetSimpleCMS-CE/security/advisories/GHSA-xhwv-g6q4-h886

{
    "lastseen": "",
    "description": "GetSimple CMS is a content management system. All versions of GetSimple CMS have a flaw in the Uploaded Files feature that allows for arbitrary file reads. This issue has not been fixed at the time of publication.",
    "published": "2026-02-20T23:26:23.284Z",
    "modified": "2026-02-20T23:26:23.284Z",
    "type": "cve",
    "title": "GetSimple CMS: Uploaded Files (feature) Arbitrary File Read Vulnerability",
    "source": "GitHub_M",
    "references": "https://github.com/GetSimpleCMS-CE/GetSimpleCMS-CE/security/advisories/GHSA-xhwv-g6q4-h886",
    "id": "CVE-2026-27202",
    "bulletinFamily": "",
    "cwe": [
        "CWE-23",
        "CWE-22"
    ],
    "cvelist": null,
    "sourceData": "GetSimpleCMS-CE GetSimpleCMS-CE <= 3.3.22",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "GetSimpleCMS-CE",
    "version": "<= 3.3.22",
    "vendor": "GetSimpleCMS-CE",
    "ai_description": "Arbitrary file read vulnerability in the Uploaded Files feature of GetSimple CMS",
    "ai_severity": "High",
    "ai_vendor": "GetSimpleCMS-CE",
    "ai_product": "GetSimple CMS",
    "ai_version": "<= 3.3.22",
    "ai_score": 8.8
}

GetSimple CMS: Uploaded Files (feature) Arbitrary File Read Vulnerability_CVE-2026-27202