Description

Brave CMS is an open-source CMS. Prior to 2.0.6, this vulnerability is a missing authorization check found in the update role endpoint at routes/web.php. The POST route for /rights/update-role/{id} lacks the checkUserPermissions:assign-user-roles middleware. This allows any authenticated user to change account roles and promote themselves to Super Admin. This vulnerability is fixed in 2.0.6.

INFO

Published Date :

2026-04-06T19:10:28.850Z

Last Modified :

2026-04-07T14:04:00.456Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-35182 vulnerability.

Vendors Products
Ajax30
  • Bravecms-2.0
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-35182.

URL Resource
https://github.com/Ajax30/BraveCMS-2.0/security/advisories/GHSA-g58h-mvjw-f4hv cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact