Tag
critical
advisory
Brave CMS Missing Authorization Leads to Privilege Escalation
2 rules 1 TTP 1 CVE 1 IOC
Brave CMS versions prior to 2.0.6 are vulnerable to privilege escalation due to a missing authorization check in the update role endpoint, allowing any authenticated user to gain Super Admin privileges.
cve-2026-35182
privilege-escalation
web-application
brave-cms
medium
advisory
Brave CMS Insecure Direct Object Reference Vulnerability (CVE-2026-35183)
1 rule 1 TTP 1 CVE
Brave CMS versions prior to 2.0.6 are vulnerable to an Insecure Direct Object Reference (IDOR) that allows authenticated users with edit permissions to delete images attached to articles owned by other users, due to missing ownership verification in the deleteImage method.
idor
brave-cms
vulnerability
critical
advisory
Brave CMS Unrestricted File Upload Leads to Remote Code Execution
2 rules 3 TTPs 1 CVE
Brave CMS versions prior to 2.0.6 contain an unrestricted file upload vulnerability within the CKEditor upload functionality in the ckupload method, allowing authenticated users to upload executable PHP scripts and achieve Remote Code Execution.
cve-2026-35164
rce
file-upload
brave-cms
ckeditor
php
webserver