CVE-2026-35183
IDOR Vulnerability in Brave CMS Article Image Deletion

Publication date: 2026-04-06

Last updated on: 2026-04-14

Assigner: GitHub, Inc.

Description
Brave CMS is an open-source CMS. Prior to 2.0.6, an Insecure Direct Object Reference (IDOR) vulnerability exists in the article image deletion feature. It is located in app/Http/Controllers/Dashboard/ArticleController.php within the deleteImage method. The endpoint accepts a filename from the URL but does not verify ownership. This allows an authenticated user with edit permissions to delete images attached to articles owned by other users. This vulnerability is fixed in 2.0.6.
Meta Information
Published: 2026-04-06
Last Modified: 2026-04-14
Generated: 2026-05-06
AI Q&A: 2026-04-06
EPSS Evaluated: 2026-05-05
Affected Vendors & Products (1 associated CPE)
Vendor: ajax30
Product: bravecms
Version range: from 2.0.0 (inclusive) to 2.0.6 (exclusive)
Weakness (CWE)
CWE-639: The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-35183 is an Insecure Direct Object Reference (IDOR) vulnerability in BraveCMS versions prior to 2.0.6. It exists in the article image deletion feature within the deleteImage method of the ArticleController. The vulnerability occurs because the endpoint accepts an image filename from the URL without verifying if the authenticated user owns the article associated with that image.

This means that any authenticated user with edit permissions can delete images attached to articles owned by other users by sending a specially crafted request. The system fails to properly check ownership before allowing the deletion, leading to unauthorized file deletion.


How can this vulnerability impact me?

This vulnerability can impact you by allowing unauthorized users with edit permissions to delete images from articles they do not own. This results in a high integrity impact because important content (images) can be maliciously or accidentally removed.

Although there is no confidentiality impact, the unauthorized deletion can disrupt content availability and integrity, potentially harming the reliability and trustworthiness of your CMS content.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring for unauthorized POST requests to the endpoint responsible for deleting article images, specifically the URL pattern `/dashboard/articles/delete-image/{articleID}/{filename}`.

An attacker with edit permissions can send a POST request to this endpoint with an article ID and filename that do not belong to them, resulting in deletion of images owned by other users.

To detect potential exploitation attempts, you can search your web server logs for POST requests matching this pattern and verify if the authenticated user owns the targeted article.

  • Use command-line tools like `grep` or `awk` to filter logs for suspicious POST requests, for example: `grep 'POST /dashboard/articles/delete-image/' /var/log/nginx/access.log`
  • Check for HTTP 200 OK responses to these requests, which indicate successful deletion.
  • Correlate the user identity in the logs with article ownership to identify unauthorized deletions.
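
The correlation step above, as an added example (not part of the original page or of Brave CMS). It assumes the access log records the CMS login in the remote-user field, which stock nginx logs do not do for session logins, and that an article-to-owner map has been exported from the database; the log lines and owner map below are constructed samples.

```python
import re
from urllib.parse import unquote

# nginx "combined" layout; the user field is ASSUMED to carry the CMS login.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
# Endpoint pattern quoted in the text: .../delete-image/{articleID}/{filename}
DELETE_RE = re.compile(
    r'^/dashboard/articles/delete-image/(?P<article>[^/]+)/(?P<file>[^/?#]+)'
)

def find_cross_owner_deletes(log_lines, owners):
    """Return successful delete-image requests made by someone other than the owner.

    owners maps article id (str) -> owning login; an unknown article yields
    owner None and is still reported so it can be reviewed by hand.
    """
    findings = []
    for line in log_lines:
        m = LINE_RE.match(line)
        # Only POSTs answered with 200 count as successful deletions here.
        if not m or m["method"] != "POST" or m["status"] != "200":
            continue
        d = DELETE_RE.match(m["path"])
        if not d:
            continue
        owner = owners.get(d["article"])
        if owner != m["user"]:
            findings.append({
                "time": m["ts"], "ip": m["ip"], "user": m["user"],
                "article": d["article"], "owner": owner,
                "file": unquote(d["file"]),  # decode %xx so odd names are visible
            })
    return findings

# Constructed sample data (documentation IP range, invented users and articles).
SAMPLE_LOG = [
    '203.0.113.7 - alice [06/Apr/2026:10:01:02 +0000] "POST /dashboard/articles/delete-image/12/cover.jpg HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - bob [06/Apr/2026:10:03:40 +0000] "POST /dashboard/articles/delete-image/12/diagram.png HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - bob [06/Apr/2026:10:04:11 +0000] "POST /dashboard/articles/delete-image/15/photo.png HTTP/1.1" 403 128 "-" "Mozilla/5.0"',
    '203.0.113.9 - bob [06/Apr/2026:10:05:00 +0000] "GET /dashboard/articles HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
]
SAMPLE_OWNERS = {"12": "alice", "15": "carol"}

if __name__ == "__main__":
    for hit in find_cross_owner_deletes(SAMPLE_LOG, SAMPLE_OWNERS):
        print(hit)
```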

What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation step is to upgrade BraveCMS to version 2.0.6 or later, where this vulnerability has been fixed.

The fix includes validating the filename against the article’s stored image value, enforcing strict equality checks, removing path traversal components from filenames, and verifying article ownership against the authenticated user before allowing deletion.

Until the upgrade can be applied, restrict access to the article image deletion endpoint to trusted users only, and monitor logs for suspicious deletion requests.
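
The checks listed for the 2.0.6 fix, modelled as an added Python sketch; this is not Brave CMS's PHP code. The `Article` record, its field names and the reason strings are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass
class Article:
    """Hypothetical stand-in for the CMS article record."""
    id: int
    owner_id: int
    image: Optional[str]  # stored image filename, None when no image is attached

def authorize_image_delete(
    user_id: int, article: Article, requested: str
) -> Tuple[bool, str, Optional[str]]:
    """Return (allowed, reason, safe_filename) for a delete-image request."""
    # Ownership: the authenticated user must own the article in the URL.
    if article.owner_id != user_id:
        return False, "not-owner", None

    # Drop any directory components so only a bare filename remains.
    name = requested.replace("\\", "/").rsplit("/", 1)[-1]

    # Strict comparison with the value stored on the article: same type,
    # same content. Anything else (including "" or "..") is refused.
    if not isinstance(article.image, str) or name != article.image:
        return False, "filename-mismatch", None

    # The caller builds the storage path from safe_filename, never from
    # the raw URL segment.
    return True, "ok", name

if __name__ == "__main__":
    art = Article(id=12, owner_id=1, image="cover.jpg")
    print(authorize_image_delete(1, art, "cover.jpg"))
    print(authorize_image_delete(2, art, "cover.jpg"))
```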


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

This vulnerability allows an authenticated user with edit permissions to delete images attached to articles owned by other users without proper authorization checks.

While the vulnerability does not impact confidentiality (no data disclosure), it has a high integrity impact due to unauthorized deletion of files.

Such unauthorized modification or deletion of data could potentially violate compliance requirements under standards like GDPR or HIPAA, which mandate proper access controls and data integrity protections.

Specifically, failure to enforce strict authorization checks may lead to non-compliance with principles of data protection and integrity required by these regulations.

