CVE-2026-30452

Published: Apr 21, 2026

Modified: Apr 22, 2026

PUBLISHED

Description

Textpattern CMS 4.9.0 contains a Broken Access Control vulnerability in the article management system that allows authenticated users with low privileges to modify articles owned by users with higher privileges. By manipulating the article ID parameter during the duplicate-and-save workflow in textpattern/include/txp_article.php, an attacker can bypass authorization checks and overwrite content belonging to other users.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/textpattern/textpattern

https://textpattern.com/weblog/textpattern-491-released-security-fixes-patches-and-tweaks

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-30452

Description

Affected Products

References