Home / Vulnerability Intelligence / CVE-2026-41524

CVE-2026-41524 - Vulnerability Analysis

HighCVSS: 8.7

Last Updated: May 8, 2026

Brave CMS - Stored XSS

Published: May 8, 2026Updated: May 8, 2026Remote Exploitable

Overview

Brave CMS prior to commit 6c56603 contains a stored XSS vulnerability caused by unescaped rendering of CKEditor content with Laravel Blade's {!! !!} directive, letting editor-role users execute JavaScript in visitors' browsers, exploit requires editor-role privileges.

Severity & Score

Severity: High

CVSS Score: 8.7

Impact

Editor-role users can execute arbitrary JavaScript in visitors' browsers, leading to session hijacking or defacement.

Mitigation

Update to the version including commit 6c56603 or later.

References

https://github.com/Ajax30/BraveCMS-2.0/commit/6c5660373cf5f0ca9181603280427aca46ef11ea
https://github.com/Ajax30/BraveCMS-2.0/security/advisories/GHSA-xj46-722x-6433

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-41524
Severity: High
CVSS Score: 8.7
Type: stored_xss
Status: rejected

CWE

CWE-79

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N