CVE-2026-34750— Payload has Insufficient Filename Validation in Client-Upload Signed-URL Endpoints

Payload has Insufficient Filename Validation in Client-Upload Signed-URL Endpoints

Payload is a free and open source headless content management system. Prior to version 3.78.0 in @payloadcms/storage-azure, @payloadcms/storage-gcs, @payloadcms/storage-r2, and @payloadcms/storage-s3, the client-upload signed-URL endpoints for S3, GCS, Azure, and R2 did not properly sanitize filenames. An attacker could craft filenames to escape the intended storage location. This issue has been patched in version 3.78.0 for @payloadcms/storage-azure, @payloadcms/storage-gcs, @payloadcms/storage-r2, and @payloadcms/storage-s3.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

对路径名的限制不恰当(路径遍历)

Payload 路径遍历漏洞

Payload是一个使用 TypeScript、Node.js、React 和 MongoDB 构建的 Headless CMS 和应用程序框架。 Payload 3.78.0之前版本存在路径遍历漏洞，该漏洞源于客户端上传签名URL端点未正确清理文件名，可能导致攻击者逃离预期存储位置。

N/A

N/A