CVE-2026-35164

HIGH

Brave CMS Sffected by Unrestricted File Upload via CKEditor Endpoint

Title source: cna

Description

Brave CMS is an open-source CMS. Prior to 2.0.6, an unrestricted file upload vulnerability exists in the CKEditor upload functionality. It is found in app/Http/Controllers/Dashboard/CkEditorController.php within the ckupload method. The method fails to validate uploaded file types and relies entirely on user input. This allows an authenticated user to upload executable PHP scripts and gain Remote Code Execution. This vulnerability is fixed in 2.0.6.

References (1)

[X_Refsource_Confirm] https://github.com/Ajax30/BraveCMS-2.0/security/advisories/GHSA-2j4q-6p52-4rhw

Scores

CVSS v3 8.8

EPSS 0.0029

EPSS Percentile 52.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-434

Status published

Products (2)

ajax30/bravecms 2.0.0 - 2.0.6

Ajax30/BraveCMS-2.0 < 2.0.6

Published Apr 06, 2026

Tracked Since Apr 06, 2026