Description
Brave CMS is an open-source CMS. Prior to 2.0.6, this vulnerability is a missing authorization check found in the update role endpoint at routes/web.php. The POST route for /rights/update-role/{id} lacks the checkUserPermissions:assign-user-roles middleware. This allows any authenticated user to change account roles and promote themselves to Super Admin. This vulnerability is fixed in 2.0.6.
Published: 2026-04-06
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation
Action: Immediate Patch
AI Analysis

Impact

A missing authorization check in Brave CMS allows any authenticated user to change role data through the POST endpoint /rights/update-role/{id}. Because the assign-user-roles middleware is omitted, a user can promote themselves to Super Admin, giving full control over the system. This is a classic privilege escalation flaw identified as CWE-862 that threatens confidentiality, integrity, and availability by enabling unrestricted administrative actions.

Affected Systems

The vulnerability affects Ajax30’s BraveCMS versions 2.0 through 2.0.5. The issue was fixed in release 2.0.6.

Risk and Exploitability

The CVSS score of 8.8 denotes high severity, but the EPSS score of less than 1 % suggests a low overall exploitation probability. The flaw is not listed in the CISA Known Exploited Vulnerabilities catalog. An attacker only needs a valid authenticated session and access to the specified POST route, making the attack path straightforward for anyone who can obtain legitimate credentials.

Generated by OpenCVE AI on April 14, 2026 at 18:58 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Brave CMS to version 2.0.6 or later, which removes the missing middleware check.

Generated by OpenCVE AI on April 14, 2026 at 18:58 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 14 Apr 2026 16:00:00 +0000

Type Values Removed Values Added
First Time appeared Ajax30 bravecms
CPEs cpe:2.3:a:ajax30:bravecms:*:*:*:*:*:*:*:*
Vendors & Products Ajax30 bravecms

Tue, 07 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 07 Apr 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Ajax30
Ajax30 bravecms-2.0
Vendors & Products Ajax30
Ajax30 bravecms-2.0

Mon, 06 Apr 2026 20:00:00 +0000

Type Values Removed Values Added
Description Brave CMS is an open-source CMS. Prior to 2.0.6, this vulnerability is a missing authorization check found in the update role endpoint at routes/web.php. The POST route for /rights/update-role/{id} lacks the checkUserPermissions:assign-user-roles middleware. This allows any authenticated user to change account roles and promote themselves to Super Admin. This vulnerability is fixed in 2.0.6.
Title Missing Authorization Privilege Escalation
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Ajax30 Bravecms Bravecms-2.0
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-07T14:04:00.456Z

Reserved: 2026-04-01T17:26:21.133Z

Link: CVE-2026-35182

cve-icon Vulnrichment

Updated: 2026-04-07T14:03:52.166Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-06T20:16:26.553

Modified: 2026-04-14T15:50:57.397

Link: CVE-2026-35182

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-15T16:30:09Z

Weaknesses