Description
Brave CMS is an open-source CMS. Prior to 2.0.6, this vulnerability is a missing authorization check found in the update role endpoint at routes/web.php. The POST route for /rights/update-role/{id} lacks the checkUserPermissions:assign-user-roles middleware. This allows any authenticated user to change account roles and promote themselves to Super Admin. This vulnerability is fixed in 2.0.6.
Published: 2026-04-06
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation to Super Admin
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is a missing authorization check in the update role endpoint of Brave CMS. Any authenticated user can post to the /rights/update-role/{id} route without the required middleware, allowing them to modify another user's role and promote themselves to Super Admin. This grants full administrative control over the system, compromising confidentiality, integrity, and availability.

Affected Systems

The problem exists in Ajax30’s BraveCMS versions earlier than 2.0.6. All releases through 2.0.5 are affected; the issue was fixed in 2.0.6 and later versions.

Risk and Exploitability

With a CVSS score of 8.8, this vulnerability is considered high severity. No EPSS score is provided, and it is not listed in CISA’s KEV catalog. The exploit requires only valid authentication on the site, making it likely that any insider or compromised user can abuse it. Once a user elevates to Super Admin, they gain unrestricted access to the CMS, making the risk significant and justifying urgent remediation.

Generated by OpenCVE AI on April 7, 2026 at 01:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade BraveCMS to version 2.0.6 or later.

Generated by OpenCVE AI on April 7, 2026 at 01:38 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 07 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 07 Apr 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Ajax30
Ajax30 bravecms-2.0
Vendors & Products Ajax30
Ajax30 bravecms-2.0

Mon, 06 Apr 2026 20:00:00 +0000

Type Values Removed Values Added
Description Brave CMS is an open-source CMS. Prior to 2.0.6, this vulnerability is a missing authorization check found in the update role endpoint at routes/web.php. The POST route for /rights/update-role/{id} lacks the checkUserPermissions:assign-user-roles middleware. This allows any authenticated user to change account roles and promote themselves to Super Admin. This vulnerability is fixed in 2.0.6.
Title Missing Authorization Privilege Escalation
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Ajax30 Bravecms-2.0
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-07T14:04:00.456Z

Reserved: 2026-04-01T17:26:21.133Z

Link: CVE-2026-35182

cve-icon Vulnrichment

Updated: 2026-04-07T14:03:52.166Z

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-04-06T20:16:26.553

Modified: 2026-04-07T15:17:42.810

Link: CVE-2026-35182

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-07T09:37:32Z

Weaknesses