Brave Cms · Brave Cms · CVE-2026-35047
Name of the Vulnerable Software and Affected Versions
Brave CMS versions prior to 2.0.6
Description
A flaw exists in Brave CMS that allows attackers to upload arbitrary files through the CKEditor endpoint. Successful exploitation of this issue could lead to Remote Code Execution (RCE), potentially resulting in full system compromise, data exfiltration, or service disruption. All users running affected versions of BraveCMS are impacted.
Recommendations
Update to version 2.0.6 or later.