CVE-2026-34750: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in payloadcms payload
PayloadCMS versions prior to 3. 78. 0 contain a path traversal vulnerability in the client-upload signed-URL endpoints for multiple storage backends (S3, GCS, Azure, R2). This vulnerability allows an attacker to craft filenames that escape the intended storage directory, potentially leading to unauthorized file placement. The issue has been patched in version 3. 78. 0. The vulnerability has a CVSS score of 6. 5, indicating a medium severity level.
AI Analysis
Technical Summary
CVE-2026-34750 is a path traversal vulnerability (CWE-22) affecting PayloadCMS before version 3.78.0 in its storage modules for Azure, Google Cloud Storage, R2, and S3. The vulnerability arises because the client-upload signed-URL endpoints do not properly sanitize filenames, allowing attackers to manipulate file paths to escape the designated storage directories. This could lead to unauthorized file uploads outside the intended storage location. The issue is fixed in PayloadCMS version 3.78.0.
Potential Impact
An attacker with at least limited privileges (PR:L) can exploit this vulnerability to upload files outside the intended storage directories, potentially overwriting or placing files in unauthorized locations. This could lead to integrity issues (I:H) but does not affect confidentiality or availability. There are no known exploits in the wild at this time.
Mitigation Recommendations
Upgrade PayloadCMS to version 3.78.0 or later, where this vulnerability has been patched. No other mitigations are indicated or required according to the vendor advisory.
CVE-2026-34750: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in payloadcms payload
Description
PayloadCMS versions prior to 3. 78. 0 contain a path traversal vulnerability in the client-upload signed-URL endpoints for multiple storage backends (S3, GCS, Azure, R2). This vulnerability allows an attacker to craft filenames that escape the intended storage directory, potentially leading to unauthorized file placement. The issue has been patched in version 3. 78. 0. The vulnerability has a CVSS score of 6. 5, indicating a medium severity level.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-34750 is a path traversal vulnerability (CWE-22) affecting PayloadCMS before version 3.78.0 in its storage modules for Azure, Google Cloud Storage, R2, and S3. The vulnerability arises because the client-upload signed-URL endpoints do not properly sanitize filenames, allowing attackers to manipulate file paths to escape the designated storage directories. This could lead to unauthorized file uploads outside the intended storage location. The issue is fixed in PayloadCMS version 3.78.0.
Potential Impact
An attacker with at least limited privileges (PR:L) can exploit this vulnerability to upload files outside the intended storage directories, potentially overwriting or placing files in unauthorized locations. This could lead to integrity issues (I:H) but does not affect confidentiality or availability. There are no known exploits in the wild at this time.
Mitigation Recommendations
Upgrade PayloadCMS to version 3.78.0 or later, where this vulnerability has been patched. No other mitigations are indicated or required according to the vendor advisory.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-03-30T19:17:10.225Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 69cd7b33e6bfc5ba1df49823
Added to database: 4/1/2026, 8:08:19 PM
Last enriched: 4/10/2026, 12:05:01 AM
Last updated: 5/15/2026, 11:34:45 AM
Views: 90
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.