PT-2026-30694 · Unknown · Chyrp Lite

Whoamins · Published 2026-04-06 · Updated 2026-04-06 · CVE-2026-35173

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Chyrp Lite versions prior to 2026.01

Description

Chyrp Lite, an ultra-lightweight blogging engine, contains an IDOR / Mass Assignment issue in the Post model. Authenticated users with post editing permissions (Edit Post, Edit Draft, Edit Own Post, Edit Own Draft) can modify posts they do not own or have permission to edit. By manipulating internal class properties like id within the post attributes payload, an attacker can alter the object being instantiated, leading to post takeover by performing actions on another user’s post.

Recommendations

Update to version 2026.01 or later.
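
The weakness class described above, shown as an added example of the general mass-assignment pattern and its allowlist mitigation. This is not Chyrp Lite's code or its actual fix; the Post class, assignUnsafe, assignSafe, EDITABLE and the sample values are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical model for illustration, not Chyrp Lite's Post class.
final class Post {
    public function __construct(public int $id, public int $user_id,
        public string $title = '', public string $body = '') {}
}

// Weak pattern: every submitted key is copied onto the object, so a key named
// "id" replaces the identity that the permission check was performed against.
function assignUnsafe(Post $post, array $attrs): Post
{
    foreach ($attrs as $key => $value) {
        if (property_exists($post, $key)) {
            $post->$key = $value;
        }
    }
    return $post;
}

// Hardened pattern: only allowlisted content fields are writable from input.
const EDITABLE = ['title', 'body'];

function assignSafe(Post $post, array $attrs): Post
{
    $unexpected = array_diff(array_keys($attrs), EDITABLE);
    if ($unexpected !== []) {
        throw new InvalidArgumentException(
            'Rejected non-editable attributes: ' . implode(', ', $unexpected)
        );
    }
    foreach ($attrs as $key => $value) {
        $post->$key = (string) $value;
    }
    return $post;
}

// Constructed sample: post 7 is the one the current user was authorized to edit.
$submitted = ['title' => 'Edited', 'id' => 3];

$weak = assignUnsafe(new Post(7, 42), $submitted);
echo "unsafe: the write would now target post {$weak->id}\n";

try {
    assignSafe(new Post(7, 42), $submitted);
} catch (InvalidArgumentException $e) {
    echo "safe: {$e->getMessage()}\n";
}
```

Rejecting unexpected keys rather than silently dropping them also gives operators a log signal when a client submits identity fields it should never send.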

Fix

IDOR

Weakness Enumeration

Related Identifiers: CVE-2026-35173

Affected Products: Chyrp Lite