LeakyCreds

CVE-2026-35174 - Vulnerability Analysis

Critical | CVSS: 9.1

Last Updated: April 7, 2026

Chyrp Lite - Path Traversal

Published: April 6, 2026 | Updated: April 7, 2026 | Remote Exploitable

Overview

Chyrp Lite < 2026.01 contains a path traversal caused by improper validation of the uploads path in the administration console. It lets administrators or users with the Change Settings permission read and overwrite arbitrary files. Exploitation requires the Change Settings permission.

Severity & Score

Severity: Critical
CVSS Score: 9.1
EPSS Score: 34.6% (probability of exploitation in the next 30 days)

Impact

Authorized users can read sensitive files and overwrite system files, potentially leading to remote code execution and full system compromise.

Mitigation

Update to version 2026.01 or later.

Social Media Activity (1 post)

TheHackerWire (@thehackerwire), Apr 6, 2026

🔓 CVE-2026-35174 - Critical (9.1) Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, a path traversal vulnerability exists in the administration console that allows an administrator or a user with Change Settings permission to change the uploads path to any fold... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35174/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

Details

CVE ID: CVE-2026-35174
Severity: Critical
CVSS Score: 9.1
Type: path_traversal
Status: unconfirmed
EPSS: 34.6%
Social Posts: 1

CWE

  • CWE-22

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

EPSS Score

34.6% (probability of exploitation in the next 30 days)