PT-2026-21325 · Apache+1

Twinson333 · Published 2026-02-20 · Updated 2026-02-24 · CVE-2026-27161

CVSS v4.0: 8.7 (High)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

GetSimple CMS (affected versions not specified)

Description

GetSimple CMS is a content management system. All versions of GetSimple CMS depend on .htaccess files to restrict access to sensitive directories such as /data/ and /backups/. If Apache AllowOverride is disabled, a common configuration in hardened or shared hosting environments, these protections are silently ignored. This allows unauthenticated attackers to list and download sensitive files, including authorization.xml, which contains cryptographic salts and API keys. The authorization.xml file contains sensitive information that could be used to compromise the system.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
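
A server-level mitigation for the condition in the description, as an added example that is not from the advisory or from the GetSimple CMS project: access rules placed in the main Apache 2.4 configuration apply whether or not .htaccess files are read. The install path /var/www/getsimple is an assumed placeholder.

```apache
# Added example. /var/www/getsimple is an assumed install path (placeholder).

# Exposed setup: with overrides disabled, Apache never reads the .htaccess
# files shipped inside data/ and backups/, so their deny rules have no effect.
<Directory "/var/www/getsimple">
    AllowOverride None
    Require all granted
    # Stop Apache from generating directory listings anywhere in the site.
    Options -Indexes
</Directory>

# Corrected setup: deny the sensitive directories in the server or vhost
# configuration itself. These rules do not depend on AllowOverride, and the
# more specific <Directory> sections take precedence over the parent grant.
<Directory "/var/www/getsimple/data">
    Require all denied
</Directory>

<Directory "/var/www/getsimple/backups">
    Require all denied
</Directory>

# If your site must serve files from a subdirectory of data/, grant that one
# subdirectory explicitly in its own, more specific <Directory> block rather
# than relaxing the deny above.
```

Check the syntax with `apachectl configtest` before reloading, then confirm that a request for a file under /data/ now returns 403.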

Exploit

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2026-27161
GHSA-F63G-XH6J-Q56G

Affected Products

Apache
GetSimple CMS