CVE-2026-35047

Brave CMS is an open-source CMS. Prior to 2.0.6, an Unrestricted File Upload vulnerability in the CKEditor endpoint allows attackers to upload arbitrary files, including executable scripts. This may lead to Remote Code Execution (RCE) on the server, potentially resulting in full system compromise, data exfiltration, or service disruption. All users running affected versions of BraveCMS are impacted. This vulnerability is fixed in 2.0.6.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/Ajax30/BraveCMS-2.0/commit/058ee4ed7c2b39d540af8274024afcbc9532aa83	Patch
https://github.com/Ajax30/BraveCMS-2.0/pull/122	Issue Tracking
https://github.com/Ajax30/BraveCMS-2.0/security/advisories/GHSA-9rcc-w59j-965v	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:ajax30:bravecms:*:*:*:*:*:*:*:*

History

10 Apr 2026, 18:30

Type	Values Removed	Values Added
References	~~() https://github.com/Ajax30/BraveCMS-2.0/commit/058ee4ed7c2b39d540af8274024afcbc9532aa83 -~~	() https://github.com/Ajax30/BraveCMS-2.0/commit/058ee4ed7c2b39d540af8274024afcbc9532aa83 - Patch
References	~~() https://github.com/Ajax30/BraveCMS-2.0/pull/122 -~~	() https://github.com/Ajax30/BraveCMS-2.0/pull/122 - Issue Tracking
References	~~() https://github.com/Ajax30/BraveCMS-2.0/security/advisories/GHSA-9rcc-w59j-965v -~~	() https://github.com/Ajax30/BraveCMS-2.0/security/advisories/GHSA-9rcc-w59j-965v - Vendor Advisory
CPE		cpe:2.3:a:ajax30:bravecms::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
First Time		Ajax30 Ajax30 bravecms

06 Apr 2026, 18:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-04-06 18:16

Updated : 2026-04-10 18:30

NVD link : CVE-2026-35047

Mitre link : CVE-2026-35047

CVE.ORG link : CVE-2026-35047

JSON object : View

Products Affected

ajax30

bravecms

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

{"id": "CVE-2026-35047", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-04-06T18:16:42.433", "references": [{"url": "https://github.com/Ajax30/BraveCMS-2.0/commit/058ee4ed7c2b39d540af8274024afcbc9532aa83", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/Ajax30/BraveCMS-2.0/pull/122", "tags": ["Issue Tracking"], "source": "security-advisories@github.com"}, {"url": "https://github.com/Ajax30/BraveCMS-2.0/security/advisories/GHSA-9rcc-w59j-965v", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "Brave CMS is an open-source CMS. Prior to 2.0.6, an Unrestricted File Upload vulnerability in the CKEditor endpoint allows attackers to upload arbitrary files, including executable scripts. This may lead to Remote Code Execution (RCE) on the server, potentially resulting in full system compromise, data exfiltration, or service disruption. All users running affected versions of BraveCMS are impacted. This vulnerability is fixed in 2.0.6."}], "lastModified": "2026-04-10T18:30:16.167", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ajax30:bravecms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "68058898-316C-481E-A190-0E50C51A015D", "versionEndExcluding": "2.0.6", "versionStartIncluding": "2.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}