Description
Brave CMS is an open-source CMS. Prior to 2.0.6, an Insecure Direct Object Reference (IDOR) vulnerability exists in the article image deletion feature. It is located in app/Http/Controllers/Dashboard/ArticleController.php within the deleteImage method. The endpoint accepts a filename from the URL but does not verify ownership. This allows an authenticated user with edit permissions to delete images attached to articles owned by other users. This vulnerability is fixed in 2.0.6.
Published: 2026-04-06
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Deletion of Article Images
Action: Patch Immediately
AI Analysis

Impact

Brave CMS versions earlier than 2.0.6 contain an Insecure Direct Object Reference in the article image deletion feature: the deleteImage method accepts a filename from the request URL but does not verify that the requester owns the image or its parent article. As a result, any authenticated user who has edit permissions can delete images that belong to other users' articles, leading to loss of asset integrity and possible content disruption.

Affected Systems

The affected product is Ajax30 BraveCMS 2.0, specifically any deployment running a version prior to 2.0.6; the vulnerability resides in app/Http/Controllers/Dashboard/ArticleController.php within the deleteImage method and is fixed in version 2.0.6 and later.

Risk and Exploitability

The CVSS score of 7.1 indicates moderate severity, while the EPSS score of less than 1% shows a low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. Exercising the IDOR requires an authenticated user with edit rights; no privilege escalation or remote code execution is involved.

Generated by OpenCVE AI on April 14, 2026 at 18:58 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the official update to Brave CMS 2.0.6 or later
  • If immediate upgrade is not possible, disable image deletion for non-administrative users while a patch is applied
  • Verify that the deleteImage endpoint now checks ownership before allowing a delete operation
  • Monitor system logs for unauthorized image deletion attempts and audit user permissions
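The description above (a filename taken from the URL selects the object, with no ownership check) and the recommended action to verify that deleteImage checks ownership both describe the same defect, CWE-639. The following Laravel-style controller excerpt is an added example written for this page; it is not Brave CMS's own code and does not reproduce its fix. The Article model with its images() relation and path column, the user_id and is_admin columns on the user, the route shape, and the public storage disk are all assumptions made for the illustration.

```php
<?php
// Hypothetical Laravel controller excerpt illustrating the fix pattern for
// CWE-639 in an image-deletion endpoint. NOT Brave CMS code: model names,
// columns, the route parameters and the storage disk are assumptions.
//
// Assumed routes (DELETE):
//   insecure:  /dashboard/articles/images/{filename}
//   hardened:  /dashboard/articles/{article}/images/{filename}
// The hardened route carries the parent article so that {article} is resolved
// by route-model binding and authorization can be decided on the article.

namespace App\Http\Controllers\Dashboard;

use App\Http\Controllers\Controller;
use App\Models\Article;   // assumed model with user_id and an images() relation
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Storage;

class ArticleController extends Controller
{
    // Vulnerable pattern: the filename from the URL is the only thing that
    // selects the object. Any user who can reach this action (here, anyone
    // with edit rights) can delete any image, whoever owns the article.
    public function deleteImageInsecure(Request $request, string $filename)
    {
        Storage::disk('public')->delete('articles/' . $filename);

        return back();
    }

    // Hardened pattern: authorize on the parent article, then resolve the
    // image *through* that article so a foreign filename can never match.
    public function deleteImage(Request $request, Article $article, string $filename)
    {
        $user = $request->user();

        // Ownership check (the control the advisory says was missing).
        // user_id and is_admin are assumed columns; a policy class would do
        // the same job in a larger code base.
        if ($article->user_id !== $user->id && ! $user->is_admin) {
            abort(403, 'You may only delete images from your own articles.');
        }

        // Defensive input check: accept a bare filename only, so a value with
        // directory components cannot escape the article's folder.
        if ($filename !== basename($filename) || $filename === '.' || $filename === '..') {
            abort(422, 'Invalid filename.');
        }

        // Scoped lookup: 404 unless the filename is one of THIS article's
        // images, so the filesystem is never addressed by user input alone.
        $image = $article->images()->where('filename', $filename)->firstOrFail();

        Storage::disk('public')->delete($image->path);
        $image->delete();

        // Audit record supporting the recommended log monitoring.
        logger()->info('article image deleted', [
            'user_id'    => $user->id,
            'article_id' => $article->id,
            'filename'   => $filename,
        ]);

        return back()->with('status', 'Image deleted.');
    }
}
```

Two things carry the fix: authorization is decided on the parent article, not on the filename, and the image row is looked up scoped to that article, so the stored path is taken from the database rather than from the request. The basename() check is an extra caveat for the same endpoint shape, not something the advisory reports.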

Generated by OpenCVE AI on April 14, 2026 at 18:58 UTC.


Advisories

No advisories yet.

History

Tue, 14 Apr 2026 16:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | (none) | Ajax30 bravecms
CPEs | (none) | cpe:2.3:a:ajax30:bravecms:*:*:*:*:*:*:*:*
Vendors & Products | (none) | Ajax30 bravecms

Tue, 07 Apr 2026 18:00:00 +0000

Type | Values Removed | Values Added
Metrics ssvc | (none) | {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 07 Apr 2026 09:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | (none) | Ajax30; Ajax30 bravecms-2.0
Vendors & Products | (none) | Ajax30; Ajax30 bravecms-2.0

Mon, 06 Apr 2026 20:00:00 +0000

Type | Values Removed | Values Added
Description | (none) | Brave CMS is an open-source CMS. Prior to 2.0.6, an Insecure Direct Object Reference (IDOR) vulnerability exists in the article image deletion feature. It is located in app/Http/Controllers/Dashboard/ArticleController.php within the deleteImage method. The endpoint accepts a filename from the URL but does not verify ownership. This allows an authenticated user with edit permissions to delete images attached to articles owned by other users. This vulnerability is fixed in 2.0.6.
Title | (none) | Brave CMS has an Insecure Direct Object Reference in Article Image Deletion
Weaknesses | (none) | CWE-639
References | (none) |
Metrics cvssV3_1 | (none) | {'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-07T16:14:01.519Z

Reserved: 2026-04-01T17:26:21.133Z

Link: CVE-2026-35183

Vulnrichment

Updated: 2026-04-07T16:13:50.991Z

NVD

Status : Analyzed

Published: 2026-04-06T20:16:26.727

Modified: 2026-04-14T15:50:08.513

Link: CVE-2026-35183

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-15T16:30:09Z

Weaknesses