Description
Camaleon CMS 2.9.2 contains an improper authorization vulnerability in the administrator draft autosave endpoint. A low-privileged authenticated user can send an arbitrary post_id to POST /admin/post_type/<POST_TYPE_ID>/drafts and overwrite the draft associated with another user's post.
Published: 2026-06-12
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 12 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 12 Jun 2026 18:45:00 +0000

Type Values Removed Values Added
Description Camaleon CMS 2.9.2 contains an improper authorization vulnerability in the administrator draft autosave endpoint. A low-privileged authenticated user can send an arbitrary post_id to POST /admin/post_type/<POST_TYPE_ID>/drafts and overwrite the draft associated with another user's post.
Title Camaleon CMS 2.9.2 - Improper authorization in draft autosave endpoint
First Time appeared Camaleon Cms
Camaleon Cms camaleon Cms
Weaknesses CWE-862
CPEs cpe:2.3:a:camaleon_cms:camaleon_cms:2.9.2:*:linux:*:*:*:*:*
cpe:2.3:a:camaleon_cms:camaleon_cms:2.9.2:*:macos:*:*:*:*:*
cpe:2.3:a:camaleon_cms:camaleon_cms:2.9.2:*:windows:*:*:*:*:*
Vendors & Products Camaleon Cms
Camaleon Cms camaleon Cms
References
Metrics cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N'}


Subscriptions

Camaleon Cms Camaleon Cms
cve-icon MITRE

Status: PUBLISHED

Assigner: Fluid Attacks

Published:

Updated: 2026-06-12T18:59:37.113Z

Reserved: 2026-06-02T19:25:18.444Z

Link: CVE-2026-10715

cve-icon Vulnrichment

Updated: 2026-06-12T18:59:25.452Z

cve-icon NVD

Status : Deferred

Published: 2026-06-12T19:16:25.387

Modified: 2026-06-15T20:55:48.070

Link: CVE-2026-10715

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-12T21:00:19Z

Weaknesses