cbcvebase.
CVE-2026-10715
published 2026-06-12

CVE-2026-10715: Camaleon CMS 2.9.2 contains an improper authorization vulnerability in the administrator draft autosave endpoint. A low-privileged authenticated user can send…

PriorityP431medium5.1CVSS 4.0
AVNACLATNPRLUIPVCNVILVANSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
EPSS
0.21%
11.9th percentile
Camaleon CMS 2.9.2 contains an improper authorization vulnerability in the administrator draft autosave endpoint. A low-privileged authenticated user can send an arbitrary post_id to POST /admin/post_type//drafts and overwrite the draft associated with another user's post.

Affected

1 ranges
VendorProductVersion rangeFixed in
camaleon_cmscamaleon_cms
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.