{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-35182/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2026-35182"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["cve-2026-35182","privilege-escalation","web-application","brave-cms"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eBrave CMS, an open-source content management system, is susceptible to a critical vulnerability (CVE-2026-35182) affecting versions prior to 2.0.6. The vulnerability stems from a missing authorization check in the \u003ccode\u003e/rights/update-role/{id}\u003c/code\u003e endpoint, specifically within the \u003ccode\u003eroutes/web.php\u003c/code\u003e file. The absence of the \u003ccode\u003echeckUserPermissions:assign-user-roles\u003c/code\u003e middleware on the POST route allows any authenticated user, regardless of their current role, to modify account roles. This enables malicious actors or internal users to elevate their privileges to Super Admin, granting them complete control over the CMS. 
This vulnerability poses a significant risk to organizations running affected versions of Brave CMS, potentially leading to data breaches, system compromise, and unauthorized modifications.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker obtains a valid, low-privilege user account on a Brave CMS instance (e.g., via compromised credentials or, where self-registration is enabled, by registering).\u003c/li\u003e\n\u003cli\u003eThe attacker identifies the role-update endpoint \u003ccode\u003e/rights/update-role/{id}\u003c/code\u003e. In \u003ccode\u003eroutes/web.php\u003c/code\u003e the POST route for this path is registered without the \u003ccode\u003echeckUserPermissions:assign-user-roles\u003c/code\u003e middleware, so the only protection in front of it is authentication. Reaching the endpoint requires an authenticated session, not access to the source.\u003c/li\u003e\n\u003cli\u003eThe attacker sends a POST request to \u003ccode\u003e/rights/update-role/{id}\u003c/code\u003e, where \u003ccode\u003e{id}\u003c/code\u003e is the user ID of the target account (their own, or another user\u0026rsquo;s). The request body sets the target user\u0026rsquo;s role to \u0026lsquo;Super Admin\u0026rsquo;.\u003c/li\u003e\n\u003cli\u003eBecause the POST route lacks the \u003ccode\u003echeckUserPermissions:assign-user-roles\u003c/code\u003e middleware, Brave CMS processes the request without checking whether the requesting user is permitted to assign roles; only the validity of the session is checked.\u003c/li\u003e\n\u003cli\u003eThe target user\u0026rsquo;s role is updated to \u0026lsquo;Super Admin\u0026rsquo; in the CMS database.\u003c/li\u003e\n\u003cli\u003eThe attacker, now holding Super Admin privileges, can use every administrative function of Brave CMS.\u003c/li\u003e\n\u003cli\u003eFrom there the attacker can modify website content, install malicious plugins, create new admin accounts, and potentially gain access to the underlying server.\u003c/li\u003e\n\u003cli\u003eThe attacker has full control of the Brave CMS instance, enabling data exfiltration, defacement, or denial of service.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 
id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-35182 can lead to complete compromise of the Brave CMS instance. An attacker holding Super Admin privileges can modify or delete website content, inject malicious code, access sensitive data, and potentially pivot to other systems on the network. The impact ranges from website defacement and data breaches to complete loss of control over the CMS and associated infrastructure. There is no information regarding how many victims are affected.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Brave CMS to version 2.0.6 or later to patch CVE-2026-35182.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Brave CMS Unauthorized Role Update\u0026rdquo; to detect exploitation attempts in web server logs.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for POST requests to the \u003ccode\u003e/rights/update-role/\u003c/code\u003e endpoint, particularly from unusual IP addresses. Note that exploitation requires a valid session, so a malicious request carries the same authentication as a legitimate one and cannot be told apart by the presence or absence of authorization headers. Correlate each such request with the CMS user and role records to establish who issued it, whether that account held the assign-user-roles permission, and which account\u0026rsquo;s role changed.\u003c/li\u003e\n\u003cli\u003eReview user roles and permissions within Brave CMS, with particular attention to accounts recently promoted to Super Admin, and remediate any unauthorized privilege escalations.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-06T20:16:26Z","date_published":"2026-04-06T20:16:26Z","id":"/briefs/2026-04-brave-cms-privesc/","summary":"Brave CMS versions prior to 2.0.6 are vulnerable to privilege escalation due to a missing authorization check in the update role endpoint, allowing any authenticated user to gain Super Admin privileges.","title":"Brave CMS Missing Authorization Leads to Privilege Escalation","url":"https://feed.craftedsignal.io/briefs/2026-04-brave-cms-privesc/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-35182","version":"https://jsonfeed.org/version/1.1"}
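The monitoring recommendation in the feed item above, worked through as an added example that is not part of the feed, the Sigma rule it names, or Brave CMS itself. The detector applies the advisory's only indicator (a POST to `/rights/update-role/{id}`) to two kinds of input: plain combined-format web server lines, which carry no user context, and JSON lines from an application request logger. The JSON field names (`user_id`, `user_role`), the set of roles treated as allowed to assign roles (`Super Admin`), and every sample log line are assumptions constructed for the example; the point it makes is that the web server log alone can only yield candidates, because the attacker is authenticated, and that a finding needs the actor's role.

```python
import json
import re
from dataclasses import dataclass
from typing import Iterable, Optional

# Endpoint named in the advisory; the {id} segment is the target account's id.
ROLE_UPDATE_RE = re.compile(r"^/rights/update-role/(?P<target_id>\d+)/?(?:\?.*)?$")

# Roles ASSUMED (not taken from the advisory) to legitimately hold the
# assign-user-roles permission. Adjust to the deployment's role model.
ALLOWED_ROLES = frozenset({"Super Admin"})

# Apache/nginx combined log format: all a plain web-server log gives us.
COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+'
)


@dataclass
class Request:
    ts: str
    ip: str
    method: str
    path: str
    status: int
    actor_id: Optional[int] = None     # only present in application-level logs
    actor_role: Optional[str] = None   # only present in application-level logs


def parse_line(line: str) -> Optional[Request]:
    """Accept a combined-format access-log line or a JSON line from an
    application request logger (the JSON field names are an assumption)."""
    line = line.strip()
    if not line:
        return None
    if line.startswith("{"):
        d = json.loads(line)
        return Request(d["ts"], d["ip"], d["method"], d["path"], int(d["status"]),
                       d.get("user_id"), d.get("user_role"))
    m = COMBINED_RE.match(line)
    if not m:
        return None
    return Request(m["ts"], m["ip"], m["method"], m["path"], int(m["status"]))


def detect(lines: Iterable[str], allowed_roles=ALLOWED_ROLES) -> list[dict]:
    """Flag POSTs to the role-update endpoint. Without actor context the hit is
    only a candidate to correlate; with it, a non-privileged actor is a finding."""
    findings = []
    for line in lines:
        r = parse_line(line)
        if r is None or r.method != "POST":
            continue
        m = ROLE_UPDATE_RE.match(r.path)
        if not m:
            continue
        target = int(m["target_id"])
        f = {"ts": r.ts, "ip": r.ip, "target_id": target, "status": r.status}
        if r.actor_role is None:
            # Web-server log only: the request rode a valid session, so nothing
            # here proves abuse. Emit a candidate for correlation with the CMS
            # user/role audit trail.
            f.update(severity="candidate",
                     reason="POST to role-update endpoint; actor role unknown, "
                            "correlate with CMS user audit log")
        elif r.actor_role not in allowed_roles:
            f.update(severity="high", actor_id=r.actor_id, actor_role=r.actor_role,
                     reason="role change attempted by a user lacking assign-user-roles; "
                            + ("self-escalation" if r.actor_id == target
                               else "escalation of another account"))
        else:
            continue  # privileged actor: expected administrative activity
        findings.append(f)
    return findings


# Constructed sample input (not real traffic): an Editor (id 42) promotes itself,
# then a Super Admin (id 1) performs a legitimate role change.
SAMPLE_LOG = """\
203.0.113.7 - - [06/Apr/2026:20:10:01 +0000] "GET /rights HTTP/1.1" 200 5120
203.0.113.7 - - [06/Apr/2026:20:10:09 +0000] "POST /rights/update-role/42 HTTP/1.1" 302 0
{"ts":"2026-04-06T20:10:09Z","ip":"203.0.113.7","method":"POST","path":"/rights/update-role/42","status":302,"user_id":42,"user_role":"Editor"}
{"ts":"2026-04-06T20:11:30Z","ip":"198.51.100.2","method":"POST","path":"/rights/update-role/17","status":302,"user_id":1,"user_role":"Super Admin"}
{"ts":"2026-04-06T20:12:00Z","ip":"203.0.113.7","method":"GET","path":"/rights/update-role/42","status":200,"user_id":42,"user_role":"Editor"}
"""

if __name__ == "__main__":
    for finding in detect(SAMPLE_LOG.splitlines()):
        print(json.dumps(finding))
```

On the sample the access-log POST produces only a candidate, while the matching application-log record identifies it as a self-escalation by an Editor; the Super Admin's role change is dropped as expected activity. In practice the candidate list from the web server log is what the Sigma rule in the advisory will surface, and the second stage is whatever the deployment has in place to tie a request to the account and role that issued it.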