Cyber Resilience

CVE-2026-35047

Severity: Critical
Published: 06 April 2026
Modified: 10 April 2026
KEV Added: not listed
Patch: available
CVSS Score v4: 9.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0055 (41.9th percentile)
Risk Priority: 70 (floored blend · peak EPSS)

Summary

CVE-2026-35047 is a critical-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Ajax30 Bravecms. Its CVSS base score is 9.3 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked at the 41.9th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-35047 is an unrestricted file upload vulnerability affecting Brave CMS, an open-source content management system, in versions prior to 2.0.6. The flaw resides in the CKEditor endpoint, which permits attackers to upload arbitrary files, including executable scripts. This issue, classified under CWE-434 (Unrestricted Upload of File with Dangerous Type), carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its potential for remote code execution (RCE) on the server.

The vulnerability can be exploited remotely by unauthenticated attackers with no privileges or user interaction required. By sending a malicious file upload request to the affected CKEditor endpoint, an attacker can upload executable scripts, leading to RCE. Successful exploitation may result in full server compromise, data exfiltration, or service disruption, impacting all users running vulnerable versions of BraveCMS.

Mitigation is available through the patch released in BraveCMS version 2.0.6. The GitHub security advisory (GHSA-9rcc-w59j-965v), associated pull request (#122), and fixing commit (058ee4ed7c2b39d540af8274024afcbc9532aa83) detail the resolution, recommending immediate upgrades for all affected installations.

Vulnerability details

Brave CMS is an open-source CMS. Prior to 2.0.6, an Unrestricted File Upload vulnerability in the CKEditor endpoint allows attackers to upload arbitrary files, including executable scripts. This may lead to Remote Code Execution (RCE) on the server, potentially resulting in full system compromise, data exfiltration, or service disruption. All users running affected versions of BraveCMS are impacted. This vulnerability is fixed in 2.0.6.

CWE(s): CWE-434 Unrestricted Upload of File with Dangerous Type

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-mapped)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1505.003 Web Shell (Persistence)
Adversaries may backdoor web servers with web shells to establish persistent access to systems.

Why these techniques?

The CVE enables exploitation of a public-facing web application (T1190) through the unrestricted file upload in the CKEditor endpoint, giving unauthenticated RCE via an uploaded executable script, which directly facilitates web shell deployment (T1505.003).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-35164 (same product: Ajax30 Bravecms)
CVE-2026-35183 (same product: Ajax30 Bravecms)
CVE-2026-35182 (same product: Ajax30 Bravecms)
CVE-2025-22654 (shared CWE-434)
CVE-2025-11948 (shared CWE-434)
CVE-2025-67260 (shared CWE-434)
CVE-2025-28915 (shared CWE-434)
CVE-2023-53956 (shared CWE-434)
CVE-2025-6058 (shared CWE-434)
CVE-2021-47819 (shared CWE-434)

Affected Assets

Vendor: ajax30
Product: bravecms
Versions: 2.0.0 — 2.0.6 (versions prior to 2.0.6 are affected; fixed in 2.0.6)

Mitigating Controls

NIST 800-53 r5 controls (AI-mapped)

SI-10 Information Input Validation (prevent)
Directly mitigates unrestricted file uploads by validating uploaded files against dangerous types and contents at the CKEditor endpoint.

SI-2 Flaw Remediation (prevent)
Addresses the specific vulnerability by requiring timely remediation through patching to version 2.0.6 or later.

Input restriction (prevent)
Enforces restrictions on file upload inputs to permit only safe types, blocking executable scripts at the vulnerable endpoint.
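As an added illustration of the input-validation controls above (example code, not BraveCMS's own upload handler or its 2.0.6 fix), a Python validator for an editor upload endpoint that allow-lists extensions, rejects script extensions anywhere in the name, checks the content's magic bytes against the declared type, and never stores the client-supplied filename. The permitted types and the size cap are assumptions chosen for the example.

```python
import os
import secrets

# Allow-list for an image-upload endpoint such as an editor's file browser,
# mapping each permitted extension to the magic bytes the content must start with.
# These types and the size cap are assumptions for this example, not BraveCMS settings.
ALLOWED_TYPES = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
}
# Server-side script extensions that must never appear anywhere in a stored name.
SCRIPT_EXTENSIONS = {"php", "phtml", "phar", "asp", "aspx", "jsp", "cgi", "pl", "py", "sh"}
MAX_UPLOAD_BYTES = 5_000_000


def validate_upload(filename: str, data: bytes) -> tuple[bool, str]:
    """Return (True, server_chosen_name) if the upload is safe to store,
    otherwise (False, reason). The client's filename is only inspected, never kept."""
    if not data or len(data) > MAX_UPLOAD_BYTES:
        return False, "empty or oversized upload"
    # Drop any client-supplied directory component and refuse NUL / control bytes.
    name = os.path.basename(filename.replace("\\", "/"))
    if any(ord(c) < 32 for c in name):
        return False, "control character in filename"
    parts = name.lower().split(".")
    if len(parts) < 2 or "" in parts:
        return False, "missing or empty extension"
    extensions = parts[1:]
    # A script extension anywhere (e.g. "a.php.png") is rejected, because some
    # server configurations dispatch on the first recognised extension.
    if SCRIPT_EXTENSIONS.intersection(extensions):
        return False, "script extension not permitted"
    ext = extensions[-1]
    if ext not in ALLOWED_TYPES:
        return False, f"extension .{ext} not permitted"
    # The bytes must actually be the declared type; a renamed script fails here.
    if not data.startswith(ALLOWED_TYPES[ext]):
        return False, "content does not match declared type"
    # Store under a random server-generated name with the validated extension.
    return True, f"{secrets.token_hex(16)}.{ext}"
```

Pair this with storing uploads outside the web root (or with script execution disabled for the upload directory) so that a validation gap alone cannot turn into code execution.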
