CVE-2026-35047

Brave CMS has Unrestricted File Upload in BraveCMS via CKEditor Endpoint

Description

Brave CMS is an open-source CMS. Prior to 2.0.6, an Unrestricted File Upload vulnerability in the CKEditor endpoint allows attackers to upload arbitrary files, including executable scripts. This may lead to Remote Code Execution (RCE) on the server, potentially resulting in full system compromise, data exfiltration, or service disruption. All users running affected versions of BraveCMS are impacted. This vulnerability is fixed in 2.0.6.

INFO

Published Date :

2026-04-06T17:25:39.602Z

Last Modified :

2026-04-07T14:07:45.223Z

Source :

GitHub_M

AFFECTED PRODUCTS

The following products are affected by CVE-2026-35047 vulnerability.

Vendors	Products
Ajax30	Bravecms-2.0

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-35047.

URL	Resource
https://github.com/Ajax30/BraveCMS-2.0/commit/058ee4ed7c2b39d540af8274024afcbc9532aa83
https://github.com/Ajax30/BraveCMS-2.0/pull/122
https://github.com/Ajax30/BraveCMS-2.0/security/advisories/GHSA-9rcc-w59j-965v

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability