CVE-2026-35174

Source
https://cve.org/CVERecord?id=CVE-2026-35174
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-35174.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-35174
Aliases
  • GHSA-p6pf-2grm-8257
Published
2026-04-06T17:50:04.544Z
Modified
2026-07-08T08:05:07.172782797Z
Severity
  • 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
Summary
Chyrp Lite has a Path Traversal to Remote Code Execution
Details

Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, a path traversal vulnerability exists in the administration console that allows an administrator or a user with Change Settings permission to change the uploads path to any folder. This vulnerability allows the user to download any file on the server, including config.json.php with database credentials and overwrite critical system files, leading to remote code execution. This vulnerability is fixed in 2026.01.

Database specific
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-22",
        "CWE-434",
        "CWE-73"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/35xxx/CVE-2026-35174.json"
}
References

Affected packages

Git / github.com/xenocrat/chyrp-lite

Affected ranges

Type
GIT
Repo
https://github.com/xenocrat/chyrp-lite
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2026.01"
        }
    ],
    "cpe": "cpe:2.3:a:chyrplite:chyrp_lite:*:*:*:*:*:*:*:*",
    "source": [
        "AFFECTED_FIELD",
        "CPE_RANGE"
    ]
}

Affected versions

v2018.*
v2018.04
v2019.*
v2019.01
v2019.02
v2019.03
v2019.04
v2020.*
v2020.01
v2020.02
v2020.03
v2020.04
v2021.*
v2021.01
v2021.02
v2021.03
v2021.04
v2022.*
v2022.01
v2022.02
v2022.03
v2022.03.01
v2023.*
v2023.01
v2023.02
v2023.03
v2024.*
v2024.01
v2024.02
v2024.03
v2025.*
v2025.01
v2025.02
v2025.03

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-35174.json"