High severity8.8NVD Advisory· Published Apr 6, 2026· Updated Apr 14, 2026
CVE-2026-35164
CVE-2026-35164
Description
Brave CMS is an open-source CMS. Prior to 2.0.6, an unrestricted file upload vulnerability exists in the CKEditor upload functionality. It is found in app/Http/Controllers/Dashboard/CkEditorController.php within the ckupload method. The method fails to validate uploaded file types and relies entirely on user input. This allows an authenticated user to upload executable PHP scripts and gain Remote Code Execution. This vulnerability is fixed in 2.0.6.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
1- github.com/Ajax30/BraveCMS-2.0/security/advisories/GHSA-2j4q-6p52-4rhwnvdExploitVendor Advisory
News mentions
0No linked articles in our index yet.