{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-5344", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-04-01T15:57:11.072Z", "datePublished": "2026-04-02T14:45:09.743Z", "dateUpdated": "2026-04-02T15:24:37.898Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-02T14:45:09.743Z"}, "title": "Textpattern XML-RPC TXP_RPCServer.php mt_uploadImage path traversal", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-22", "lang": "en", "description": "Path Traversal"}]}], "affected": [{"vendor": "n/a", "product": "Textpattern", "versions": [{"version": "4.9.0", "status": "affected"}, {"version": "4.9.1", "status": "affected"}], "cpes": ["cpe:2.3:a:textpattern:textpattern:*:*:*:*:*:*:*:*"], "modules": ["XML-RPC Handler"]}], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in Textpattern up to 4.9.1. Affected by this vulnerability is the function mt_uploadImage of the file rpc/TXP_RPCServer.php of the component XML-RPC Handler. The manipulation of the argument file.name leads to path traversal. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor confirmed the issue and will provide a fix in the upcoming release."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:C"}}], "timeline": [{"time": "2026-04-01T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-04-01T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-04-01T18:02:27.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "zsmaaa (VulDB User)", "type": "reporter"}, {"lang": "en", "value": "VulDB CNA Team", "type": "coordinator"}], "references": [{"url": "https://vuldb.com/vuln/354696", "name": "VDB-354696 | Textpattern XML-RPC TXP_RPCServer.php mt_uploadImage path traversal", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/354696/cti", "name": "VDB-354696 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/769166", "name": "Submit #769166 | Textpattern 4.9.1 Textpattern XML-RPC Arbitrary File Write", "tags": ["third-party-advisory"]}, {"url": "https://github.com/LTX-GOD/Mycve/blob/main/Textpatterncms_en.md", "tags": ["broken-link", "exploit"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-02T15:24:30.478358Z", "id": "CVE-2026-5344", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T15:24:37.898Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-5344", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-02T15:24:30.478358Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T15:24:33.655Z"}}], "cna": {"title": "Textpattern XML-RPC TXP_RPCServer.php mt_uploadImage path traversal", "credits": [{"lang": "en", "type": "reporter", "value": "zsmaaa (VulDB User)"}, {"lang": "en", "type": "coordinator", "value": "VulDB CNA Team"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:C"}}], "affected": [{"cpes": ["cpe:2.3:a:textpattern:textpattern:*:*:*:*:*:*:*:*"], "vendor": "n/a", "modules": ["XML-RPC Handler"], "product": "Textpattern", "versions": [{"status": "affected", "version": "4.9.0"}, {"status": "affected", "version": "4.9.1"}]}], "timeline": [{"lang": "en", "time": "2026-04-01T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-04-01T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-04-01T18:02:27.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/vuln/354696", "name": "VDB-354696 | Textpattern XML-RPC TXP_RPCServer.php mt_uploadImage path traversal", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/354696/cti", "name": "VDB-354696 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/769166", "name": "Submit #769166 | Textpattern 4.9.1 Textpattern XML-RPC Arbitrary File Write", "tags": ["third-party-advisory"]}, {"url": "https://github.com/LTX-GOD/Mycve/blob/main/Textpatterncms_en.md", "tags": ["broken-link", "exploit"]}], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in Textpattern up to 4.9.1. Affected by this vulnerability is the function mt_uploadImage of the file rpc/TXP_RPCServer.php of the component XML-RPC Handler. The manipulation of the argument file.name leads to path traversal. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor confirmed the issue and will provide a fix in the upcoming release."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "Path Traversal"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-02T14:45:09.743Z"}}}, "cveMetadata": {"cveId": "CVE-2026-5344", "state": "PUBLISHED", "dateUpdated": "2026-04-02T15:24:37.898Z", "dateReserved": "2026-04-01T15:57:11.072Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-04-02T14:45:09.743Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in Textpattern up to 4.9.1. Affected by this vulnerability is the function mt_uploadImage of the file rpc/TXP_RPCServer.php of the component XML-RPC Handler. The manipulation of the argument file.name leads to path traversal. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor confirmed the issue and will provide a fix in the upcoming release."}], "id": "CVE-2026-5344", "lastModified": "2026-04-02T15:16:53.613", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-04-02T15:16:53.613", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/LTX-GOD/Mycve/blob/main/Textpatterncms_en.md"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/submit/769166"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/354696"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/354696/cti"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "4.9.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "4.9.1"}}], "enrichment": {"confidence": 90.0, "confidence_source": "inferred", "scores": [{"score": 90.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Textpattern", "source": "cna", "vendor": "n/a"}, "product": "textpattern", "vendor": "textpattern"}], "analysis": {"en": {"generated_at": "2026-04-02T17:21:17.990115+00:00", "value": {"mitigation_remediation": ["Apply the vendor patch as soon as it is released.", "If the XML\u2011RPC interface is not required, disable it or restrict access to authorized users.", "Restrict file system permissions on the upload directory to prevent writes outside the intended directory.", "Monitor the upload directory and server logs for unexpected files or activity."], "summary": {"action": "Patch", "impact": "Remote Arbitrary File Write via XML\u2011RPC"}, "threat_synthesis": {"affected_systems": "Textpattern CMS versions 4.9.1 and earlier are affected. The flaw exists across all platforms where the vulnerable PHP script is deployed beneath the web root, and it impacts installations that expose the XML\u2011RPC interface for image uploads. Versions newer than 4.9.1 are not known to be affected.", "description_and_impact": "Textpattern CMS contains a path\u2011traversal flaw in its XML\u2011RPC handler's mt_uploadImage function. A crafted file.name argument can cause the server to write files outside the designated upload folder. This allows the attacker to create or modify arbitrary files, potentially including executable code, thereby enabling remote code execution. The vulnerability can be reached through the publicly exposed XML\u2011RPC endpoint.", "risk_and_exploitability": "The CVSS score of 5.3 indicates moderate severity. No EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog. A publicly available exploit demonstrates that attackers can successfully carry out the attack, indicating that the path\u2011traversal can be exercised remotely. Because authentication requirements are not specified, the attack vector is assumed to be accessible from the public network via the XML\u2011RPC interface, with no mandatory credentials inferred from the description."}}}}, "created": "2026-04-02T20:12:13.464700+00:00", "updated": "2026-04-02T20:20:54.257782+00:00", "vendors": ["textpattern", "textpattern$PRODUCT$textpattern"]}