CVE Catalog

CVE-2026-10715

MediumCVSS 5.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.22%

12th percentile — higher than 12% of all known CVEs

Summary

Camaleon CMS version 2.9.2 contains an improper authorization vulnerability in the administrator draft autosave endpoint. A low-privileged authenticated user can send an arbitrary post_id to POST /admin/post_type/<POST_TYPE_ID>/drafts and overwrite the draft associated with another user's post.

Risk Assessment

This vulnerability may lead to unauthorized overwriting of other users' post content, potentially affecting data integrity within the system.

Recommendation

It is recommended to update to the latest version of Camaleon CMS and implement additional authorization mechanisms for endpoints related to draft management.

Original NVD description (English source)

Camaleon CMS 2.9.2 contains an improper authorization vulnerability in the administrator draft autosave endpoint. A low-privileged authenticated user can send an arbitrary post_id to POST /admin/post_type/<POST_TYPE_ID>/drafts and overwrite the draft associated with another user's post.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS