What is GHSA-vg43-9r8m-q2cc?

GHSA-vg43-9r8m-q2cc is a security advisory published by GitHub Security Advisories with Medium severity. Camaleon CMS 2.9.2 contains an improper authorization vulnerability in the administrator draft...

Which CVE IDs does GHSA-vg43-9r8m-q2cc cover?

GHSA-vg43-9r8m-q2cc covers the following CVE IDs: CVE-2026-10715. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

GHSA-vg43-9r8m-q2ccMedium

Camaleon CMS 2.9.2 contains an improper authorization vulnerability in the administrator draft...

Vendor

GitHub Security Advisories

Published

June 12, 2026

Last Modified

June 12, 2026

🔗 CVE IDs covered (1)

CVE-2026-10715 →

📋 Description

Camaleon CMS 2.9.2 contains an improper authorization vulnerability in the administrator draft autosave endpoint. A low-privileged authenticated user can send an arbitrary post_id to POST /admin/post_type/<POST_TYPE_ID>/drafts and overwrite the draft associated with another user's post.

🔗 References (4)

https://nvd.nist.gov/vuln/detail/CVE-2026-10715
https://fluidattacks.com/es/advisories/billie
https://github.com/owen2345/camaleon-cms
https://github.com/advisories/GHSA-vg43-9r8m-q2cc