CVE-2026-10715
MediumCVSS 5.1Exploitation Probability (EPSS)
Low risk12th percentile — higher than 12% of all known CVEs
Summary
Camaleon CMS version 2.9.2 contains an improper authorization vulnerability in the administrator draft autosave endpoint. A low-privileged authenticated user can send an arbitrary post_id to POST /admin/post_type/<POST_TYPE_ID>/drafts and overwrite the draft associated with another user's post.
Risk Assessment
This vulnerability may lead to unauthorized overwriting of other users' post content, potentially affecting data integrity within the system.
Recommendation
It is recommended to update to the latest version of Camaleon CMS and implement additional authorization mechanisms for endpoints related to draft management.
Original NVD description (English source)
Camaleon CMS 2.9.2 contains an improper authorization vulnerability in the administrator draft autosave endpoint. A low-privileged authenticated user can send an arbitrary post_id to POST /admin/post_type/<POST_TYPE_ID>/drafts and overwrite the draft associated with another user's post.

