PT-2026-30688 · Brave Cms · Brave Cms

Para213 · Published 2026-04-06 · Updated 2026-04-06 · CVE-2026-35164

CVSS v3.1: 8.8 High (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Name of the Vulnerable Software and Affected Versions: Brave CMS versions prior to 2.0.6

Description: Brave CMS, an open-source CMS, contains an unrestricted file upload issue in the CKEditor upload functionality. The issue resides in the ckupload method within the app/Http/Controllers/Dashboard/CkEditorController.php file. The method does not validate uploaded file types, relying solely on user input. This allows an authenticated user to upload executable PHP scripts, potentially leading to Remote Code Execution.

Recommendations: Update to version 2.0.6
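
For teams auditing their own upload handlers for the same weakness class, the following is an added example of server-side validation; it is not Brave CMS code and not the 2.0.6 patch. The helper name `safeUploadName`, the allowlist, the size limit and the sample uploads are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Allowlist: content-derived MIME type => extension the server will assign.
const ALLOWED_IMAGE_TYPES = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
    'image/webp' => 'webp',
];

/**
 * Returns a server-generated filename for an acceptable upload, or null to reject.
 * Hypothetical helper: the client-supplied name and Content-Type are never consulted.
 */
function safeUploadName(string $tmpPath, int $maxBytes = 2_000_000): ?string
{
    $size = @filesize($tmpPath);
    if ($size === false || $size === 0 || $size > $maxBytes) {
        return null;
    }
    // Derive the type from the file's bytes, not from request metadata.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if (!is_string($mime) || !array_key_exists($mime, ALLOWED_IMAGE_TYPES)) {
        return null;
    }
    // Random basename plus allowlisted extension: the stored name can never
    // carry a script extension, whatever the original filename was.
    return bin2hex(random_bytes(16)) . '.' . ALLOWED_IMAGE_TYPES[$mime];
}

// Constructed sample uploads: 'name' and 'type' stand in for client-controlled fields.
$samples = [
    ['name' => 'avatar.gif', 'type' => 'image/gif', 'body' => "GIF89a\x01\x00\x01\x00\x00\x00\x00;"],
    ['name' => 'photo.png',  'type' => 'image/png', 'body' => "<?php echo 'not an image';"],
];

foreach ($samples as $upload) {
    $tmp = tempnam(sys_get_temp_dir(), 'upl');
    file_put_contents($tmp, $upload['body']);
    $stored = safeUploadName($tmp);
    printf("%-11s claimed %-10s => %s\n", $upload['name'], $upload['type'], $stored ?? 'REJECTED');
    unlink($tmp);
}
```

Content sniffing alone is not a complete control; storing uploads outside the web root, or in a directory where script execution is disabled, limits the impact of anything that passes the check.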

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2026-35164

Affected Products

Brave Cms