{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-35047", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-31T21:06:06.428Z", "datePublished": "2026-04-06T17:25:39.602Z", "dateUpdated": "2026-04-07T14:07:45.223Z"}, "containers": {"cna": {"title": "Brave CMS has Unrestricted File Upload in BraveCMS via CKEditor Endpoint", "problemTypes": [{"descriptions": [{"cweId": "CWE-434", "lang": "en", "description": "CWE-434: Unrestricted Upload of File with Dangerous Type", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 9.3, "baseSeverity": "CRITICAL", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0"}}], "references": [{"name": "https://github.com/Ajax30/BraveCMS-2.0/security/advisories/GHSA-9rcc-w59j-965v", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/Ajax30/BraveCMS-2.0/security/advisories/GHSA-9rcc-w59j-965v"}, {"name": "https://github.com/Ajax30/BraveCMS-2.0/pull/122", "tags": ["x_refsource_MISC"], "url": "https://github.com/Ajax30/BraveCMS-2.0/pull/122"}, {"name": "https://github.com/Ajax30/BraveCMS-2.0/commit/058ee4ed7c2b39d540af8274024afcbc9532aa83", "tags": ["x_refsource_MISC"], "url": "https://github.com/Ajax30/BraveCMS-2.0/commit/058ee4ed7c2b39d540af8274024afcbc9532aa83"}], "affected": [{"vendor": "Ajax30", "product": "BraveCMS-2.0", "versions": [{"version": "< 2.0.6", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-06T17:25:39.602Z"}, "descriptions": [{"lang": "en", "value": "Brave CMS is an open-source CMS. Prior to 2.0.6, an Unrestricted File Upload vulnerability in the CKEditor endpoint allows attackers to upload arbitrary files, including executable scripts. This may lead to Remote Code Execution (RCE) on the server, potentially resulting in full system compromise, data exfiltration, or service disruption. All users running affected versions of BraveCMS are impacted. This vulnerability is fixed in 2.0.6."}], "source": {"advisory": "GHSA-9rcc-w59j-965v", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-07T14:07:34.918627Z", "id": "CVE-2026-35047", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-07T14:07:45.223Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"title": "Brave CMS has Unrestricted File Upload in BraveCMS via CKEditor Endpoint", "source": {"advisory": "GHSA-9rcc-w59j-965v", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 9.3, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Ajax30", "product": "BraveCMS-2.0", "versions": [{"status": "affected", "version": "< 2.0.6"}]}], "references": [{"url": "https://github.com/Ajax30/BraveCMS-2.0/security/advisories/GHSA-9rcc-w59j-965v", "name": "https://github.com/Ajax30/BraveCMS-2.0/security/advisories/GHSA-9rcc-w59j-965v", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/Ajax30/BraveCMS-2.0/pull/122", "name": "https://github.com/Ajax30/BraveCMS-2.0/pull/122", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/Ajax30/BraveCMS-2.0/commit/058ee4ed7c2b39d540af8274024afcbc9532aa83", "name": "https://github.com/Ajax30/BraveCMS-2.0/commit/058ee4ed7c2b39d540af8274024afcbc9532aa83", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Brave CMS is an open-source CMS. Prior to 2.0.6, an Unrestricted File Upload vulnerability in the CKEditor endpoint allows attackers to upload arbitrary files, including executable scripts. This may lead to Remote Code Execution (RCE) on the server, potentially resulting in full system compromise, data exfiltration, or service disruption. All users running affected versions of BraveCMS are impacted. This vulnerability is fixed in 2.0.6."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-434", "description": "CWE-434: Unrestricted Upload of File with Dangerous Type"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-06T17:25:39.602Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-35047", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-07T14:07:34.918627Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2026-04-07T14:07:38.739Z"}}]}, "cveMetadata": {"cveId": "CVE-2026-35047", "state": "PUBLISHED", "dateUpdated": "2026-04-06T17:25:39.602Z", "dateReserved": "2026-03-31T21:06:06.428Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-06T17:25:39.602Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ajax30:bravecms:*:*:*:*:*:*:*:*", "matchCriteriaId": "68058898-316C-481E-A190-0E50C51A015D", "versionEndExcluding": "2.0.6", "versionStartIncluding": "2.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Brave CMS is an open-source CMS. Prior to 2.0.6, an Unrestricted File Upload vulnerability in the CKEditor endpoint allows attackers to upload arbitrary files, including executable scripts. This may lead to Remote Code Execution (RCE) on the server, potentially resulting in full system compromise, data exfiltration, or service disruption. All users running affected versions of BraveCMS are impacted. This vulnerability is fixed in 2.0.6."}], "id": "CVE-2026-35047", "lastModified": "2026-04-10T18:30:16.167", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-06T18:16:42.433", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/Ajax30/BraveCMS-2.0/commit/058ee4ed7c2b39d540af8274024afcbc9532aa83"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking"], "url": "https://github.com/Ajax30/BraveCMS-2.0/pull/122"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/Ajax30/BraveCMS-2.0/security/advisories/GHSA-9rcc-w59j-965v"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2.0.6)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "BraveCMS-2.0", "source": "cna", "vendor": "Ajax30"}, "product": "bravecms-2.0", "vendor": "ajax30"}], "analysis": {"en": {"generated_at": "2026-04-10T19:54:16.974122+00:00", "value": {"mitigation_remediation": ["Apply the official upgrade to Brave CMS version 2.0.6 or newer", "Verify that the CKEditor upload endpoint no longer accepts arbitrary file types after the upgrade", "If an immediate upgrade is not possible, block or restrict access to the CKEditor upload URL with firewall rules or authentication controls", "Continuously monitor server logs for unauthorized file uploads and investigate suspicious activity"], "summary": {"action": "Patch Upgrade", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "All installations of Ajax30 BraveCMS that are running any release prior to version 2.0.6 are vulnerable. The issue was resolved in the 2.0.6 update; no versions 2.0.6 or newer are affected.", "description_and_impact": "Brave CMS contains an unrestricted file upload flaw in its CKEditor endpoint. Before version 2.0.6 the endpoint accepts any file type, including executable scripts. An attacker who can reach this endpoint can store a malicious payload on the server and subsequently execute it, giving full control over the host. This flaw is mapped to CWE\u2011434, improper restriction of file type. The impact is a potential full system compromise, data loss, or denial of service.", "risk_and_exploitability": "The CVSS base score of 9.3 indicates critical severity. The EPSS score of less than 1% suggests that exploitation is not widespread at present, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that the attack vector is remote via the web\u2011based CKEditor upload interface, which would require the attacker to have at least some access to the CMS front\u2011end. Once this access is achieved, the flaw can be exploited without additional privilege escalation."}}}}, "created": "2026-04-06T21:29:51.593611+00:00", "updated": "2026-04-13T14:27:39.740090+00:00", "vendors": ["ajax30", "ajax30$PRODUCT$bravecms-2.0"]}