Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Fri, 12 Jun 2026 19:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Fri, 12 Jun 2026 18:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Camaleon CMS 2.9.2 contains an improper authorization vulnerability in the administrator draft autosave endpoint. A low-privileged authenticated user can send an arbitrary post_id to POST /admin/post_type/<POST_TYPE_ID>/drafts and overwrite the draft associated with another user's post. | |
| Title | Camaleon CMS 2.9.2 - Improper authorization in draft autosave endpoint | |
| First Time appeared |
Camaleon Cms
Camaleon Cms camaleon Cms |
|
| Weaknesses | CWE-862 | |
| CPEs | cpe:2.3:a:camaleon_cms:camaleon_cms:2.9.2:*:linux:*:*:*:*:* cpe:2.3:a:camaleon_cms:camaleon_cms:2.9.2:*:macos:*:*:*:*:* cpe:2.3:a:camaleon_cms:camaleon_cms:2.9.2:*:windows:*:*:*:*:* |
|
| Vendors & Products |
Camaleon Cms
Camaleon Cms camaleon Cms |
|
| References |
| |
| Metrics |
cvssV4_0
|
Status: PUBLISHED
Assigner: Fluid Attacks
Published:
Updated: 2026-06-12T18:59:37.113Z
Reserved: 2026-06-02T19:25:18.444Z
Link: CVE-2026-10715
Updated: 2026-06-12T18:59:25.452Z
Status : Deferred
Published: 2026-06-12T19:16:25.387
Modified: 2026-06-15T20:55:48.070
Link: CVE-2026-10715
No data.
OpenCVE Enrichment
Updated: 2026-06-12T21:00:19Z