PatchSiren

Camaleon CMS CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM Camaleon CMS CVE published 2026-06-12

CVE-2026-10715

CVE-2026-10715 is an improper authorization vulnerability in Camaleon CMS 2.9.2. A low-privileged authenticated user can send an arbitrary post_id to POST /admin/post_type/<POST_TYPE_ID>/drafts and overwrite the draft associated with another user's post. The CVSS score for this vulnerability is 5.1, and the severity is rated as MEDIUM.