CVE-2026-10715
Published 2026-06-12
Priority P4 31 · medium · 5.1 CVSS 4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS: 0.21% (11.9th percentile)
Camaleon CMS 2.9.2 contains an improper authorization vulnerability in the administrator draft autosave endpoint. A low-privileged authenticated user can send an arbitrary post_id to POST /admin/post_type//drafts and overwrite the draft associated with another user's post.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| camaleon_cms | camaleon_cms | — | — |
GHSA
Camaleon CMS 2.9.2 contains an improper authorization vulnerability in the administrator draft autosave endpoint.
ghsa_unreviewed·2026-06-12
CVE-2026-10715 [MEDIUM] CWE-862 Camaleon CMS 2.9.2 contains an improper authorization vulnerability in the administrator draft autosave endpoint.
VulDB
Camaleon CMS 2.9.2 Administrator Draft Autosave Endpoint /admin/post_type authorization (EUVD-2026-36536)
vuldb·2026-06-12·CVSS 5.1
CVE-2026-10715 [MEDIUM] Camaleon CMS 2.9.2 Administrator Draft Autosave Endpoint /admin/post_type authorization (EUVD-2026-36536)
A vulnerability categorized as problematic has been discovered in Camaleon CMS 2.9.2. This vulnerability affects unknown code of the file /admin/post_type of the component Administrator Draft Autosave Endpoint. Executing a manipulation can lead to missing authorization.
The identification of this vulnerability is CVE-2026-10715. The attack may be launched remotely. There is no exploit available.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.