Description
Brave CMS is an open-source CMS. Prior to 2.0.6, an Unrestricted File Upload vulnerability in the CKEditor endpoint allows attackers to upload arbitrary files, including executable scripts. This may lead to Remote Code Execution (RCE) on the server, potentially resulting in full system compromise, data exfiltration, or service disruption. All users running affected versions of BraveCMS are impacted. This vulnerability is fixed in 2.0.6.
Published: 2026-04-06
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Patch Upgrade
AI Analysis

Impact

Brave CMS contains an unrestricted file upload flaw in its CKEditor endpoint. Before version 2.0.6 the endpoint accepts any file type, including executable scripts. An attacker who can reach this endpoint can store a malicious payload on the server and subsequently execute it, giving full control over the host. This flaw is mapped to CWE-434, improper restriction of file type. The impact is a potential full system compromise, data loss, or denial of service.

Affected Systems

All installations of Ajax30 BraveCMS that are running any release prior to version 2.0.6 are vulnerable. The issue was resolved in the 2.0.6 update; no versions 2.0.6 or newer are affected.

Risk and Exploitability

The CVSS base score of 9.3 indicates critical severity. The EPSS score of less than 1% suggests that exploitation is not widespread at present, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that the attack vector is remote via the web-based CKEditor upload interface, which would require the attacker to have at least some access to the CMS front-end. Once this access is achieved, the flaw can be exploited without additional privilege escalation.

Generated by OpenCVE AI on April 10, 2026 at 19:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the official upgrade to Brave CMS version 2.0.6 or newer
  • Verify that the CKEditor upload endpoint no longer accepts arbitrary file types after the upgrade
  • If an immediate upgrade is not possible, block or restrict access to the CKEditor upload URL with firewall rules or authentication controls
  • Continuously monitor server logs for unauthorized file uploads and investigate suspicious activity
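The second and fourth recommended actions (confirm the upload handler rejects script files; watch server logs for uploads that are later served and executed) can both be checked with a small script. The one below is an added example, not OpenCVE's or Brave CMS's code. The upload route, the upload directory and the log lines are constructed placeholders, since the advisory does not publish the real endpoint path; point them at the routes of the installation being checked.

```python
from __future__ import annotations

import re
from urllib.parse import urlsplit

# Hypothetical paths: the advisory does not name the real CKEditor upload route
# or the directory uploaded files are written to, so both are placeholders.
UPLOAD_ENDPOINT = "/ckeditor/upload"
UPLOAD_DIR_PREFIX = "/uploads/"

# Constructed allowlist for an editor image uploader.
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "webp"}

# Server-side script extensions an upload handler must reject outright.
SCRIPT_EXTENSIONS = {"php", "phtml", "php3", "php5", "phar", "jsp",
                     "asp", "aspx", "cgi", "pl", "py", "sh"}


def validate_upload_filename(filename: str) -> tuple[bool, str]:
    """Allowlist check a hardened upload handler runs before writing to disk.

    Returns (accepted, reason). Every extension in the name is inspected, so a
    double-extension name such as "a.php.png" is rejected, not only the last part.
    """
    if not filename or "\x00" in filename:
        return False, "empty name or NUL byte"
    if "/" in filename or "\\" in filename or filename in (".", ".."):
        return False, "path separator in filename"
    parts = filename.lower().split(".")
    if len(parts) < 2 or not parts[0]:
        return False, "no extension"
    exts = parts[1:]
    if any(e in SCRIPT_EXTENSIONS for e in exts):
        return False, f"script extension present: {'.'.join(exts)}"
    if exts[-1] not in ALLOWED_EXTENSIONS:
        return False, f"extension not allowlisted: {exts[-1]}"
    return True, "ok"


# Combined log format: ip ident user [time] "method target proto" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def parse_log_line(line: str) -> dict | None:
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["path"] = urlsplit(rec["target"]).path  # drop the query string
    rec["status"] = int(rec["status"])
    return rec


def find_suspicious_uploads(lines) -> list[dict]:
    """Flag script-extension files served (HTTP 200) out of the upload directory.

    Each finding records whether the same client IP had earlier POSTed to the
    upload endpoint, which is the sequence an unrestricted-upload abuse leaves.
    """
    uploaded_from: set[str] = set()
    findings: list[dict] = []
    for line in lines:
        rec = parse_log_line(line)
        if rec is None:
            continue
        ip, path = rec["ip"], rec["path"]
        if rec["method"] == "POST" and path.startswith(UPLOAD_ENDPOINT):
            uploaded_from.add(ip)
            continue
        if path.startswith(UPLOAD_DIR_PREFIX):
            ext = path.rsplit(".", 1)[-1].lower() if "." in path else ""
            if ext in SCRIPT_EXTENSIONS and rec["status"] == 200:
                findings.append({
                    "ip": ip,
                    "path": path,
                    "time": rec["time"],
                    "prior_upload_seen": ip in uploaded_from,
                })
    return findings


# Constructed sample log: one client uploads and is then served a .php file;
# a second client uploads a benign image; a third requests a missing .phtml.
SAMPLE_LOG = """\
203.0.113.5 - - [06/Apr/2026:12:00:01 +0000] "POST /ckeditor/upload?responseType=json HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [06/Apr/2026:12:00:03 +0000] "GET /uploads/x.php HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
198.51.100.7 - - [06/Apr/2026:12:01:00 +0000] "POST /ckeditor/upload HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [06/Apr/2026:12:01:05 +0000] "GET /uploads/banner.png HTTP/1.1" 200 20480 "-" "Mozilla/5.0"
192.0.2.9 - - [06/Apr/2026:12:02:00 +0000] "GET /uploads/old.phtml HTTP/1.1" 404 0 "-" "curl/8.0"
""".splitlines()

if __name__ == "__main__":
    for name in ("photo.png", "a.php", "a.php.png", "../a.png"):
        print(name, validate_upload_filename(name))
    for f in find_suspicious_uploads(SAMPLE_LOG):
        print("suspicious:", f)
```

The validator is deliberately strict in one direction only: it never trusts the client-supplied MIME type, it checks every dotted segment rather than just the final extension, and it refuses anything that is not on the allowlist. The log check is a triage aid, not proof of compromise; a hit means the upload directory served a script, which on a correctly configured server should never happen regardless of the CMS version.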

Generated by OpenCVE AI on April 10, 2026 at 19:54 UTC.

Advisories

No advisories yet.

History

Fri, 10 Apr 2026 18:45:00 +0000

Type                 Values Removed   Values Added
First Time appeared  (none)           Ajax30 bravecms
CPEs                 (none)           cpe:2.3:a:ajax30:bravecms:*:*:*:*:*:*:*:*
Vendors & Products   (none)           Ajax30 bravecms
Metrics              (none)           cvssV3_1 {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Tue, 07 Apr 2026 15:15:00 +0000

Type     Values Removed   Values Added
Metrics  (none)           ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 07 Apr 2026 00:00:00 +0000

Type                 Values Removed   Values Added
First Time appeared  (none)           Ajax30; Ajax30 bravecms-2.0
Vendors & Products   (none)           Ajax30; Ajax30 bravecms-2.0

Mon, 06 Apr 2026 18:00:00 +0000

Type         Values Removed   Values Added
Description  (none)           Brave CMS is an open-source CMS. Prior to 2.0.6, an Unrestricted File Upload vulnerability in the CKEditor endpoint allows attackers to upload arbitrary files, including executable scripts. This may lead to Remote Code Execution (RCE) on the server, potentially resulting in full system compromise, data exfiltration, or service disruption. All users running affected versions of BraveCMS are impacted. This vulnerability is fixed in 2.0.6.
Title        (none)           Brave CMS has Unrestricted File Upload in BraveCMS via CKEditor Endpoint
Weaknesses   (none)           CWE-434
References   (none)
Metrics      (none)           cvssV4_0 {'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-07T14:07:45.223Z

Reserved: 2026-03-31T21:06:06.428Z

Link: CVE-2026-35047

Vulnrichment

Updated: 2026-04-07T14:07:38.739Z

NVD

Status : Analyzed

Published: 2026-04-06T18:16:42.433

Modified: 2026-04-10T18:30:16.167

Link: CVE-2026-35047

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-13T14:27:39Z

Weaknesses