CVE-2026-30452

Name of the Vulnerable Software and Affected Versions Textpattern CMS version 4.9.0

Description A Broken Access Control issue exists in the article management system. Authenticated users with low privileges can modify articles owned by users with higher privileges by manipulating the article ID parameter during the duplicate-and-save workflow in the endpoint 'textpattern/include/txp article.php'. This allows an attacker to bypass authorization checks and overwrite content belonging to other users.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.