CVE-2026-30452

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

6.5 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N                                    

Vulnerability Description

Textpattern CMS 4.9.0 contains a Broken Access Control vulnerability in the article management system that allows authenticated users with low privileges to modify articles owned by users with higher privileges. By manipulating the article ID parameter during the duplicate-and-save workflow in textpattern/include/txp_article.php, an attacker can bypass authorization checks and overwrite content belonging to other users.

Vulnerability Details

Published Date

April 21, 2026

Last Modified

April 22, 2026

CWE ID

CWE-284

Source

NVD

External References

https://github.com/textpattern/textpattern
https://textpattern.com/weblog/textpattern-491-released-security-fixes-patches-and-tweaks

CVE-2026-30452

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment