PT-2026-30694 · Unknown · Chyrp Lite

Whoamins

·

Published

2026-04-06

·

Updated

2026-04-06

·

CVE-2026-35173

CVSS v3.1

6.5

Medium

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions Chyrp Lite versions prior to 2026.01
Description Chyrp Lite, an ultra-lightweight blogging engine, contains an IDOR / Mass Assignment issue in the Post model. Authenticated users with post editing permissions (Edit Post, Edit Draft, Edit Own Post, Edit Own Draft) can modify posts they do not own or have permission to edit. By manipulating internal class properties like id within the post attributes payload, an attacker can alter the object being instantiated, leading to post takeover by performing actions on another user’s post.
Recommendations Update to version 2026.01 or later.

Exploit

Fix

IDOR

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-35173
GHSA-8C3H-RH2J-FXR9

Affected Products

Chyrp Lite