PT-2026-30715 · Brave Cms · Brave Cms

Para213 · Published 2026-04-06 · Updated 2026-04-06 · CVE-2026-35183

CVSS v3.1: 7.1 High (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L)

Name of the Vulnerable Software and Affected Versions

Brave CMS versions prior to 2.0.6

Description

A flaw exists in the article image deletion feature of Brave CMS, specifically within the deleteImage method in app/Http/Controllers/Dashboard/ArticleController.php. The affected endpoint does not verify ownership of the image file received from the URL, allowing an authenticated user with edit permissions to delete images associated with articles owned by other users. This is an Insecure Direct Object Reference (IDOR) issue.

Recommendations

Update to version 2.0.6 or later.
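
The missing ownership check described above, shown as an added example in plain PHP; this is not Brave CMS code and not the 2.0.6 patch. The class, method names, file names and data are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed, hypothetical data model (not Brave CMS's schema):
// every article has an owner, every image belongs to one article.
final class ArticleImages
{
    /** @var array<int,int> article id => owner user id */
    private array $articleOwner = [10 => 1, 20 => 2];
    /** @var array<string,int> image file name => article id */
    private array $imageArticle = ['cover-a.jpg' => 10, 'cover-b.jpg' => 20];

    // Pattern the advisory describes: the file name from the URL is acted on
    // and $userId is never compared with the owner of the article.
    public function deleteUnchecked(int $userId, string $file): int
    {
        if (!isset($this->imageArticle[$file])) {
            return 404;
        }
        unset($this->imageArticle[$file]);
        return 204;
    }

    // Hardened form: resolve image -> article -> owner on the server and
    // refuse unless the caller owns that article.
    public function deleteOwned(int $userId, string $file): int
    {
        $articleId = $this->imageArticle[$file] ?? null;
        if ($articleId === null) {
            return 404;
        }
        if (($this->articleOwner[$articleId] ?? null) !== $userId) {
            return 403;
        }
        unset($this->imageArticle[$file]);
        return 204;
    }

    public function has(string $file): bool
    {
        return isset($this->imageArticle[$file]);
    }
}

// User 1 has edit permission but owns only article 10; cover-b.jpg belongs to user 2.
$a = new ArticleImages();
printf("unchecked: status %d, image still present: %s\n", $a->deleteUnchecked(1, 'cover-b.jpg'), var_export($a->has('cover-b.jpg'), true));
$b = new ArticleImages();
printf("owned:     status %d, image still present: %s\n", $b->deleteOwned(1, 'cover-b.jpg'), var_export($b->has('cover-b.jpg'), true));
```

The point of the hardened method is that authorization is decided from server-side records (image to article to owner), never from the identifier supplied in the request.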

Fix

IDOR

Weakness Enumeration

Related Identifiers: CVE-2026-35183

Affected Products: Brave Cms