CVE-2026-35047

UNKNOWN 0.0

Brave CMS has Unrestricted File Upload in BraveCMS via CKEditor Endpoint

CVSS Score

0.0

EPSS Score

0.4%

EPSS Percentile

61th

Brave CMS is an open-source CMS. Prior to 2.0.6, an Unrestricted File Upload vulnerability in the CKEditor endpoint allows attackers to upload arbitrary files, including executable scripts. This may lead to Remote Code Execution (RCE) on the server, potentially resulting in full system compromise, data exfiltration, or service disruption. All users running affected versions of BraveCMS are impacted. This vulnerability is fixed in 2.0.6.

CWE	CWE-434
Vendor	ajax30
Product	bravecms-2.0
Published	Apr 6, 2026
Last Updated	Apr 7, 2026

Stay Ahead of the Next One

Get instant alerts for ajax30 bravecms-2.0

Be the first to know when new unknown vulnerabilities affecting ajax30 bravecms-2.0 are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Ajax30 / BraveCMS-2.0

< 2.0.6

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/Ajax30/BraveCMS-2.0/security/advisories/GHSA-9rcc-w59j-965v github.com: https://github.com/Ajax30/BraveCMS-2.0/pull/122 github.com: https://github.com/Ajax30/BraveCMS-2.0/commit/058ee4ed7c2b39d540af8274024afcbc9532aa83