PT-2026-30695 · Unknown · Chyrp Lite

Whoamins · Published 2026-04-06 · Updated 2026-04-06 · CVE-2026-35174

CVSS v3.1: 9.1 Critical (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)

Name of the Vulnerable Software and Affected Versions

Chyrp Lite versions prior to 2026.01

Description

Chyrp Lite, an ultra-lightweight blogging engine, contains a path traversal vulnerability in the administration console. This allows an administrator or a user with Change Settings permission to modify the uploads path to any folder on the server. Successful exploitation enables downloading sensitive files, such as config.json.php containing database credentials, and overwriting critical system files, potentially leading to remote code execution.

Recommendations

Versions prior to 2026.01 should be updated to version 2026.01.

Fix

Unrestricted File Upload

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2026-35174

Affected Products

Chyrp Lite