PT-2026-24112 · Unknown · Camaleon Cms

Michael Loomis +1 · Published 2026-03-09 · Updated 2026-03-10 · CVE-2026-1776

CVSS v3.1: 6.5 Medium

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Camaleon CMS versions 2.4.5.0 through 2.9.0

Description

Camaleon CMS versions 2.4.5.0 through 2.9.0, prior to commit f54a77e, have a path traversal issue in the AWS S3 uploader implementation. Authenticated users can read arbitrary files from the web server’s filesystem. The issue is present in the download private file functionality when using the CamaleonCmsAwsUploader backend. The application does not validate file paths, allowing directory traversal sequences through the file parameter. This allows any authenticated user to access sensitive files, such as /etc/passwd. This is a bypass of a previous fix.

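The class of check the description says is missing, as an added Ruby example (not Camaleon CMS code and not the change in commit f54a77e): a request-supplied file value is canonicalized and must resolve to a regular file inside the storage root. The function names, the error class and the temporary directory tree are hypothetical and constructed for the demonstration.

```ruby
require "tmpdir"
require "fileutils"

class UnsafePathError < StandardError; end

# Vulnerable shape: the request's `file` value is joined to the storage
# root and used as-is, so "../" segments walk out of the root.
def naive_private_path(base_dir, file_param)
  File.expand_path(File.join(base_dir, file_param))
end

# Hardened shape: canonicalize (resolving ".." and symlinks), then require
# the result to be a regular file strictly inside the canonical root.
def resolve_private_file(base_dir, file_param)
  param = file_param.to_s
  raise UnsafePathError, "empty path or NUL byte" if param.empty? || param.include?("\0")

  root = File.realpath(base_dir)
  real = File.realpath(File.join(root, param)) # raises Errno::ENOENT if missing
  inside = real.start_with?(root + File::SEPARATOR)
  raise UnsafePathError, "escapes storage root" unless inside && File.file?(real)
  real
rescue Errno::ENOENT, Errno::ENOTDIR, Errno::ELOOP, Errno::EACCES
  raise UnsafePathError, "not a readable file under the storage root"
end

# Constructed sample tree: <tmp>/private/report.txt is legitimate,
# <tmp>/secret.txt sits outside the root, and private/link points at it.
def build_demo_tree
  tmp = Dir.mktmpdir("private-download-demo")
  base = File.join(tmp, "private")
  FileUtils.mkdir_p(base)
  File.write(File.join(base, "report.txt"), "ok")
  File.write(File.join(tmp, "secret.txt"), "outside")
  File.symlink(File.join(tmp, "secret.txt"), File.join(base, "link"))
  base
end

if __FILE__ == $PROGRAM_NAME
  base = build_demo_tree
  ["report.txt", "../secret.txt", "link", "/etc/passwd"].each do |p|
    begin
      puts "#{p.inspect} -> #{resolve_private_file(base, p)}"
    rescue UnsafePathError => e
      puts "#{p.inspect} -> rejected (#{e.message})"
    end
  end
end
```

Comparing canonical paths rather than filtering the input string is what also catches the symlink case, which a purely lexical check on the parameter would pass.
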
Recommendations

Update Camaleon CMS to a version prior to 2.9.0 that includes commit f54a77e.

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2026-1776
GHSA-JW5G-F64P-6X78

Affected Products

Camaleon Cms