CVE-2026-35182
Authorization Bypass in Brave CMS Allows Privilege Escalation
Publication date: 2026-04-06
Last updated on: 2026-04-14
Assigner: GitHub, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ajax30 | bravecms | From 2.0.0 (inc) to 2.0.6 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-35182 is a high-severity privilege escalation vulnerability in BraveCMS versions prior to 2.0.6. It occurs because the POST route `/rights/update-role/{id}` in the application lacks an authorization check middleware called `checkUserPermissions:assign-user-roles`. This missing check allows any authenticated user, even those with low privileges, to change account roles and promote themselves to Super Admin.
An attacker can exploit this by intercepting a POST request to update a user role, modifying the role to Super Admin, and sending it without the system verifying if they have permission to do so. This flaw is due to CWE-862: Missing Authorization.
How can this vulnerability impact me?
This vulnerability allows an attacker with low privileges to remotely escalate their privileges to Super Admin without any user interaction. Once exploited, the attacker gains full control over the system, including the ability to read, modify, and delete data, manage users, and affect system availability.
The impact is severe as it compromises confidentiality, integrity, and availability of the system, potentially leading to data breaches, unauthorized data manipulation, and denial of service.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unauthorized POST requests to the endpoint `/rights/update-role/{id}` where the role_id parameter is changed to a higher privilege level such as Super Admin (role_id=4).
One way to detect exploitation attempts is to intercept and analyze HTTP POST requests to `/dashboard/users/rights/update-role/{id}` using a web proxy or network monitoring tool.
Suggested commands or methods include:
- Use a network packet capture tool like tcpdump or Wireshark to filter HTTP POST requests to the vulnerable endpoint, e.g., `tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'` (which prints only TCP segments that carry payload), and look for POST requests to `/rights/update-role/`. This sees only plaintext HTTP on port 80; for HTTPS deployments, inspect at the reverse proxy or in the application's own logs instead.
- Use a web application firewall (WAF) or intrusion detection system (IDS) to alert on POST requests to `/rights/update-role/{id}` with role_id parameters indicating privilege escalation.
- Review application logs for POST requests to `/rights/update-role/{id}` and check if any role changes were made by users without proper authorization.
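The log-review step above as a small Python scanner, added here as an illustration and not taken from the advisory or from BraveCMS. It assumes a constructed audit-log format (timestamp, acting user, that user's permission set, HTTP method, path, submitted role_id) and flags POSTs to `/rights/update-role/{id}` made by actors lacking `assign-user-roles`, or granting Super Admin (role_id=4, the value the advisory cites).

```python
import re
from dataclasses import dataclass

# Constructed sample audit log (assumed format, not BraveCMS's real log layout):
# timestamp, acting user, that user's permissions, HTTP method, path, submitted role_id.
SAMPLE_LOG = """\
2026-04-07T10:01:12Z actor=alice perms=assign-user-roles,edit-posts POST /dashboard/users/rights/update-role/17 role_id=2
2026-04-07T10:03:45Z actor=bob perms=edit-posts POST /dashboard/users/rights/update-role/23 role_id=4
2026-04-07T10:04:02Z actor=carol perms=edit-posts GET /dashboard/users/rights/update-role/23
2026-04-07T10:05:30Z actor=dave perms= POST /dashboard/users/rights/update-role/5 role_id=4
2026-04-07T10:06:10Z actor=alice perms=assign-user-roles POST /dashboard/users/rights/update-role/9 role_id=4
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) actor=(?P<actor>\S+) perms=(?P<perms>\S*) "
    r"(?P<method>[A-Z]+) (?P<path>\S+)(?: role_id=(?P<role_id>\d+))?$"
)
# The vulnerable route, matched on its suffix so URL prefixes such as /dashboard/users do not matter.
ROUTE_RE = re.compile(r"/rights/update-role/(?P<target>\d+)$")
SUPER_ADMIN_ROLE_ID = 4                    # role id the advisory cites for Super Admin
REQUIRED_PERMISSION = "assign-user-roles"  # permission the fixed route's middleware enforces

@dataclass
class Finding:
    ts: str
    actor: str
    target: str
    role_id: int
    reason: str

def find_suspicious_role_updates(log_text):
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":      # only POST hits the unprotected handler
            continue
        route = ROUTE_RE.search(m["path"])
        if route is None:
            continue
        perms = {p for p in m["perms"].split(",") if p}
        role_id = int(m["role_id"]) if m["role_id"] else -1
        reasons = []
        if REQUIRED_PERMISSION not in perms:
            reasons.append("actor lacks " + REQUIRED_PERMISSION)   # the CVE-2026-35182 condition
        if role_id == SUPER_ADMIN_ROLE_ID:
            reasons.append("promotion to Super Admin")              # worth review even when authorized
        if reasons:
            findings.append(Finding(m["ts"], m["actor"], route["target"], role_id, "; ".join(reasons)))
    return findings
```

Authorized promotions to Super Admin are still reported, with only the second reason, so a reviewer can separate exploitation (actor without the permission) from routine administration.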
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade BraveCMS to version 2.0.6 or later, where this vulnerability has been fixed.
If upgrading is not immediately possible, apply the recommended patch by adding the missing authorization middleware `checkUserPermissions:assign-user-roles` to the POST route `/rights/update-role/{id}` in the routes/web.php file as follows:
```php
Route::post('/rights/update-role/{id}', [UserRightsController::class, 'update_role'])
    ->name('update-role')
    ->middleware('checkUserPermissions:assign-user-roles');
```
This ensures that only users with the appropriate permissions can assign roles, preventing unauthorized privilege escalation.
Additionally, review user roles and permissions to ensure no unauthorized privilege escalations have already occurred.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability allows any authenticated user to escalate their privileges to Super Admin, gaining full read, modification, and control over system data, users, content, and availability.
Such unauthorized privilege escalation can lead to unauthorized access and modification of sensitive data, which may result in violations of common standards and regulations like GDPR and HIPAA that require strict access controls and protection of personal and sensitive information.
Therefore, exploitation of this vulnerability could compromise compliance with these regulations by failing to enforce proper authorization and exposing sensitive data to unauthorized users.