PT-2026-30686 · Brave Cms · Brave Cms
Ajax30
·
Published
2026-04-06
·
Updated
2026-04-06
·
CVE-2026-35047
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Brave CMS versions prior to 2.0.6
Description
A flaw exists in Brave CMS that allows attackers to upload arbitrary files through the CKEditor endpoint. Successful exploitation of this issue could lead to Remote Code Execution (RCE), potentially resulting in full system compromise, data exfiltration, or service disruption. All users running affected versions of BraveCMS are impacted.
Recommendations
Update to version 2.0.6 or later.
Fix
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Brave Cms