Is PHP affected by EUVD-2026-19458?

Brave CMS versions 2.0.0 through 2.0.5 contain a critical privilege escalation vulnerability that allows any authenticated user to elevate themselves to Super Admin and gain complete control of the content management system.

EUVD-2026-19458

| CVE-2026-35182 HIGH

2026-04-06 GitHub_M

8.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Apr 06, 2026 - 19:30 vuln.today

EUVD ID Assigned

Apr 06, 2026 - 19:30 euvd

EUVD-2026-19458

CVE Published

Apr 06, 2026 - 19:10 nvd

HIGH 8.8

Description

Brave CMS is an open-source CMS. Prior to 2.0.6, this vulnerability is a missing authorization check found in the update role endpoint at routes/web.php. The POST route for /rights/update-role/{id} lacks the checkUserPermissions:assign-user-roles middleware. This allows any authenticated user to change account roles and promote themselves to Super Admin. This vulnerability is fixed in 2.0.6.

Analysis

Privilege escalation in Brave CMS 2.0.x before 2.0.6 allows authenticated users with low-privilege accounts to promote themselves to Super Admin by directly calling the unprotected role update endpoint. The vulnerability stems from a missing authorization middleware check on the /rights/update-role/{id} route, enabling complete takeover of the CMS by any user with valid credentials. …

Remediation

Within 24 hours: Identify all Brave CMS instances running versions 2.0.0 through 2.0.5 and document affected systems. Within 7 days: Upgrade to Brave CMS 2.0.6 or later where the authorization middleware check has been implemented on the /rights/update-role/{id} endpoint. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +44

POC: 0

EUVD-2026-19458 vulnerability details – vuln.today

Back

EUVD-2026-19458

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

EUVD-2026-19458

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code