CVE-2026-30452

Authenticated Users Can Bypass Access Control to Alter Higher-Privilege Articles in Textpattern CMS 4.9.0

Description

Textpattern CMS 4.9.0 contains a Broken Access Control vulnerability in the article management system that allows authenticated users with low privileges to modify articles owned by users with higher privileges. By manipulating the article ID parameter during the duplicate-and-save workflow in textpattern/include/txp_article.php, an attacker can bypass authorization checks and overwrite content belonging to other users.

INFO

Published Date :

2026-04-21T00:00:00.000Z

Last Modified :

2026-04-22T15:35:46.859Z

Source :

mitre

AFFECTED PRODUCTS

The following products are affected by CVE-2026-30452 vulnerability.

Vendors	Products
Textpattern	Textpattern

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-30452.

URL	Resource
https://github.com/textpattern/textpattern
https://textpattern.com/weblog/textpattern-491-released-security-fixes-patches-and-tweaks

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact