๐Ÿ” CVE Alert

CVE-2026-10715

UNKNOWN 0.0

Camaleon CMS 2.9.2 - Improper authorization in draft autosave endpoint

CVSS Score: 0.0
EPSS Score: 0.0%
EPSS Percentile: 0th

Camaleon CMS 2.9.2 contains an improper authorization vulnerability in the administrator draft autosave endpoint. A low-privileged authenticated user can send an arbitrary post_id to POST /admin/post_type/<POST_TYPE_ID>/drafts and overwrite the draft associated with another user's post.

CWE: CWE-862
Vendor: camaleon cms
Product: camaleon cms
Published: Jun 12, 2026
Last Updated: Jun 12, 2026

Affected Versions

Camaleon CMS / Camaleon CMS
2.9.2

References

NVD, CVE.org, EPSS Data
fluidattacks.com: https://fluidattacks.com/es/advisories/billie
github.com: https://github.com/owen2345/camaleon-cms

Credits

Fluid Attacks' AI SAST Scanner
Oscar Naveda