Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Low-privilege authentication required to reach the admin endpoint; only a peer user's draft integrity is impacted, with no confidentiality or availability effects.
Primary rating from Vendor (Fluid Attacks).
CVSS VectorVendor: Fluid Attacks
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
Camaleon CMS 2.9.2 contains an improper authorization vulnerability in the administrator draft autosave endpoint. A low-privileged authenticated user can send an arbitrary post_id to POST /admin/post_type/<POST_TYPE_ID>/drafts and overwrite the draft associated with another user's post.
AnalysisAI
Improper authorization in Camaleon CMS 2.9.2 allows any low-privileged authenticated user to overwrite draft content belonging to other users by supplying an arbitrary post_id to the administrator draft autosave endpoint. The application authenticates the requesting user but performs no ownership check, meaning a contributor or editor can silently corrupt unpublished drafts they do not own. No public exploit code has been identified at time of analysis, and active exploitation has not been confirmed by CISA KEV.
Technical ContextAI
Camaleon CMS is a Ruby on Rails-based content management system. The flaw resides in the draft autosave endpoint at POST /admin/post_type/<POST_TYPE_ID>/drafts, which accepts a client-supplied post_id parameter without verifying that the authenticated user owns or is authorized to modify the referenced post. This is a textbook CWE-862 (Missing Authorization) instance: the application correctly authenticates the user but omits the object-level authorization check needed to confirm resource ownership before performing the write operation. The CPE string cpe:2.3:a:camaleon_cms:camaleon_cms:*:*:*:*:*:*:*:* uses a wildcard version range, indicating the NVD has not bounded the vulnerable range beyond 2.9.2.
RemediationAI
No vendor-released patched version has been independently confirmed at time of analysis; the fix status and any tagged release should be verified directly against the upstream repository at https://github.com/owen2345/camaleon-cms and the Fluid Attacks advisory at https://fluidattacks.com/es/advisories/billie. As a compensating control, restrict access to the /admin/post_type/*/drafts endpoint to only the most trusted user roles via application-level role checks or a reverse-proxy ACL, reducing the attacker pool from all authenticated users to administrators. Additionally, implement object-level authorization validation in the autosave action to confirm that the supplied post_id is owned by or explicitly shared with the requesting user before processing the write - this is the root cause fix regardless of patch availability. The trade-off of role restriction is reduced functionality for legitimate lower-privileged authors who rely on autosave.
More in Camaleon Cms
View allCamaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. Rated critical severity (CVSS 9
Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the formats para
Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. Rated high severity (CVSS 7.7),
Cross Site Scripting vulnerability in camaleon-cms v.2.7.5 allows remote attacker to execute arbitrary code via the cont
Camaleon CMS 0.1.7 to 2.6.0 doesn’t terminate the active session of the users, even after the admin changes the user’s p
In Camaleon CMS application, versions 0.0.1 to 2.6.0 are vulnerable to stored XSS, that allows an unauthenticated attack
In the 2.4 version of Camaleon CMS, Stored XSS has been discovered. Rated medium severity (CVSS 6.1), this vulnerability
Camaleon CMS versions 2.4.5.0 through 2.9.0, prior to commit f54a77e, contain a path traversal vulnerability in the AWS
In Camaleon CMS, versions 2.1.2.0 to 2.6.0, are vulnerable to Server-Side Request Forgery (SSRF) in the media upload fea
In Camaleon CMS, versions 2.0.1 to 2.6.0 are vulnerable to an Uncaught Exception. Rated medium severity (CVSS 4.3), this
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-36536
GHSA-vg43-9r8m-q2cc