PT-2026-50545 · Typemill · Typemill
Saidakbarxon Maxsudxonov +1 · Published 2026-06-17 · Updated 2026-06-17 · CVE-2026-49133
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Typemill versions prior to 2.24.0
Description
Authenticated attackers with Author-level privileges can read arbitrary files outside the content directory. This is possible by supplying traversal sequences in the path query parameter passed to the getFile() function within the Storage class when an empty folder argument is used. This action bypasses the traversal-prevention controls implemented in the getFolderPath() function.
Recommendations
Update to version 2.24.0 or later.
As a temporary workaround, restrict access to the getFile() function or monitor the path parameter for traversal sequences.
Fix
Path traversal
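The monitoring workaround from the recommendations, sketched as an added example (not Typemill or advisory code): it scans web access-log lines for traversal sequences in the path query parameter, including double-encoded and backslash forms. The log lines and the /api/v1/file route are constructed placeholders, since the advisory does not name the endpoint.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample log lines; /api/v1/file is a placeholder route (assumption).
SAMPLE_LOG = [
    '203.0.113.7 - - [17/Jun/2026:10:01:02 +0000] "GET /api/v1/file?path=docs/intro.md HTTP/1.1" 200 512',
    '203.0.113.9 - - [17/Jun/2026:10:01:05 +0000] "GET /api/v1/file?path=../../example.txt HTTP/1.1" 200 2048',
    '203.0.113.9 - - [17/Jun/2026:10:01:06 +0000] "GET /api/v1/file?path=%252e%252e%252fexample.txt HTTP/1.1" 200 2048',
    '203.0.113.9 - - [17/Jun/2026:10:01:07 +0000] "GET /api/v1/file?path=..%5C..%5Cexample.txt HTTP/1.1" 404 0',
    '203.0.113.7 - - [17/Jun/2026:10:01:09 +0000] "GET /api/v1/file?path=notes/v1..2/readme.md HTTP/1.1" 200 300',
]

# Extracts the request target from a combined-log-format request field.
REQUEST_RE = re.compile(r'"(?:GET|POST|PUT|DELETE|HEAD) (\S+) HTTP/[\d.]+"')


def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input (%252e) is normalised too."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_traversal(value):
    """True if any path segment of the decoded value is exactly '..'."""
    path = fully_decode(value).replace("\\", "/")
    return ".." in path.split("/")


def suspicious_requests(lines, param="path"):
    """Return (line_number, decoded_value) for requests whose `param` contains traversal."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        # parse_qsl already decodes one layer of percent-encoding.
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name == param and is_traversal(value):
                hits.append((number, fully_decode(value)))
    return hits
```

Matching on whole `..` segments rather than the substring keeps names such as v1..2 from raising alerts.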
Weakness Enumeration
Related Identifiers
Affected Products
Typemill