Description
Brave CMS is an open-source CMS. Prior to 2.0.6, an unrestricted file upload vulnerability exists in the CKEditor upload functionality. It is found in app/Http/Controllers/Dashboard/CkEditorController.php within the ckupload method. The method fails to validate uploaded file types and relies entirely on user input. This allows an authenticated user to upload executable PHP scripts and gain Remote Code Execution. This vulnerability is fixed in 2.0.6.
Published: 2026-04-06
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

Brave CMS, an open-source content management system, contains an unrestricted file upload flaw (CWE-434) in the CKEditor upload endpoint. The ckupload method in app/Http/Controllers/Dashboard/CkEditorController.php performs no server-side validation of the uploaded file's type and takes what it stores entirely from user-supplied input, so any file is accepted. An attacker authenticated to the dashboard can therefore upload a PHP script and request it from the server, gaining remote code execution with the privileges of the PHP process and, from there, full compromise of the host.

Affected Systems

The vulnerability affects Brave CMS (vendor Ajax30) 2.0.x releases prior to 2.0.6; the CPE entry on this page (cpe:2.3:a:ajax30:bravecms:*) is unbounded, so treat every deployment that has not been upgraded as affected. Administrators should confirm the version actually deployed rather than the version a package manifest claims. The fix is contained in Brave CMS 2.0.6 and later.

Risk and Exploitability

The CVSS 3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) indicates high severity: network-reachable, low complexity, no user interaction, full impact on confidentiality, integrity and availability. EPSS is below 1% and the flaw is not in the CISA Known Exploited Vulnerabilities catalog, so the probability of exploitation in the wild is currently assessed as low. The only real barrier is the PR:L requirement, an authenticated dashboard account; the SSVC record on this page rates Exploitation as "poc" (a proof of concept or well-known exploitation method exists) and Technical Impact as "total", and once logged in an attacker needs nothing beyond a normal upload request with a .php file, so any low-privilege dashboard credential should be treated as equivalent to code execution on the host until the patch is applied.

Generated by OpenCVE AI on April 14, 2026 at 18:07 UTC.

Remediation

The CVE description states the issue is fixed in Brave CMS 2.0.6; no separate vendor workaround for earlier releases is listed on this page.

OpenCVE Recommended Actions

  • Confirm the current BraveCMS version and upgrade immediately to version 2.0.6 or newer if still running an older release.
  • After upgrading, confirm that the upload handler validates file type server-side against an allow-list (by file content, not the client-supplied name or extension), stores files under a server-chosen name, enforces a size limit, and that the directory CKEditor uploads to is not configured to execute PHP; these form a second layer of protection independent of the patched code.
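As an added example, not Brave CMS code and not the project's actual ckupload implementation, the following Laravel controller shows the unsafe upload pattern the advisory describes beside a hardened replacement covering the checks listed above. The route, the form field name (upload), the storage disk (public) and the CKEditor 5 simple-upload JSON response shape are assumptions.

```php
<?php
// Added example, not Brave CMS code: an unsafe CKEditor upload handler of the kind
// described in the advisory, beside a hardened replacement. Route, field name
// ('upload'), disk name ('public') and the CKEditor 5 JSON response shape are assumptions.
namespace App\Http\Controllers\Dashboard;

use App\Http\Controllers\Controller;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Storage;
use Illuminate\Support\Str;

class CkEditorController extends Controller
{
    private const ALLOWED_EXT = ['jpg', 'jpeg', 'png', 'gif', 'webp'];

    // Unsafe pattern (CWE-434): the stored name and extension come straight from the
    // client, nothing inspects the content, and the destination is under the web root,
    // so an authenticated user can upload shell.php and then request /uploads/shell.php.
    public function ckuploadUnsafe(Request $request): JsonResponse
    {
        $file = $request->file('upload');
        $name = $file->getClientOriginalName();          // attacker-controlled
        $file->move(public_path('uploads'), $name);       // no type check, web-reachable
        return response()->json(['url' => asset('uploads/' . $name)]);
    }

    // Hardened version of the same endpoint.
    public function ckupload(Request $request): JsonResponse
    {
        // 'mimes' matches the MIME type sniffed from the file's bytes (fileinfo) against
        // the listed extensions, so a PHP script renamed to .jpg does not pass. SVG is
        // deliberately excluded because it can carry scripts.
        $request->validate([
            'upload' => ['required', 'file', 'mimes:jpg,jpeg,png,gif,webp', 'max:4096'],
        ]);
        $file = $request->file('upload');

        // Extension derived from the sniffed type, never from the client filename, and
        // re-checked against the allow-list as defence in depth.
        $ext = strtolower((string) $file->extension());
        if (!in_array($ext, self::ALLOWED_EXT, true)) {
            return response()->json(['error' => ['message' => 'Unsupported file type']], 422);
        }

        // Server-chosen random name: no path separators, no double extensions such as
        // shell.php.jpg, and no overwriting of an existing file.
        $name = Str::random(40) . '.' . $ext;
        $path = $file->storeAs('ckeditor', $name, 'public');

        return response()->json(['url' => Storage::disk('public')->url($path)]);
    }
}
```

Content validation is the control that failed here, so do not rely on it alone: serve the public disk's directory with script execution disabled at the web server (for example a location block that refuses to pass .php under it to PHP-FPM), so that even a polyglot file that is both a valid image and valid PHP is returned as static bytes rather than run.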


Advisories

No advisories yet.

History

Tue, 14 Apr 2026 16:00:00 +0000

Type Values Removed Values Added
First Time appeared Ajax30 bravecms
CPEs cpe:2.3:a:ajax30:bravecms:*:*:*:*:*:*:*:*
Vendors & Products Ajax30 bravecms

Tue, 07 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 07 Apr 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Ajax30
Ajax30 bravecms-2.0
Vendors & Products Ajax30
Ajax30 bravecms-2.0

Mon, 06 Apr 2026 18:00:00 +0000

Type Values Removed Values Added
Description Brave CMS is an open-source CMS. Prior to 2.0.6, an unrestricted file upload vulnerability exists in the CKEditor upload functionality. It is found in app/Http/Controllers/Dashboard/CkEditorController.php within the ckupload method. The method fails to validate uploaded file types and relies entirely on user input. This allows an authenticated user to upload executable PHP scripts and gain Remote Code Execution. This vulnerability is fixed in 2.0.6.
Title Brave CMS Affected by Unrestricted File Upload via CKEditor Endpoint
Weaknesses CWE-434
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-07T14:07:00.606Z

Reserved: 2026-04-01T17:26:21.132Z

Link: CVE-2026-35164

Vulnrichment

Updated: 2026-04-07T14:06:51.071Z

NVD

Status : Analyzed

Published: 2026-04-06T18:16:42.900

Modified: 2026-04-14T15:51:15.613

Link: CVE-2026-35164

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-15T16:30:09Z

Weaknesses