Loading market data...
← Back to CVE feed

CVE-2026-10715

UNKNOWN View on NVD ↗

Description

Camaleon CMS 2.9.2 contains an improper authorization vulnerability in the administrator draft autosave endpoint. A low-privileged authenticated user can send an arbitrary post_id to POST /admin/post_type/<POST_TYPE_ID>/drafts and overwrite the draft associated with another user's post.

Published: Jun 12, 2026 19:16 UTC Modified: Jun 12, 2026 20:16 UTC