CVE-2026-35182 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Brave CMS is an open-source CMS. Prior to 2.0.6, this vulnerability is a missing authorization check found in the update role endpoint at routes/web.php. The PO…
High CVSS: 8.8

CVE-2026-35182

Brave CMS is an open-source CMS. Prior to 2.0.6, this vulnerability is a missing authorization check found in the update role endpoint at routes/web.php. The POST route for /rights/update-role/{id} lacks the checkUserPermissions:assign-user-roles middleware. This allows any authenticated user to change account roles and promote themselves to Super Admin. This vulnerability is fixed in 2.0.6.
Vendor
-
Product
-
CWE
CWE-862
Yayın Tarihi
2026-04-06 20:16:26
Güncelleme
2026-04-07 15:17:42
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-862 HIGH 2026

Referanslar

https://github.com/Ajax30/BraveCMS-2.0/security/advisories/GHSA-g58h-mvjw-f4hv https://github.com/Ajax30/BraveCMS-2.0/security/advisories/GHSA-g58h-mvjw-f4hv