Question 1

What is CVE-2026-10715 — CVE-2026-10715?

Accepted Answer

Camaleon CMS 2.9.2 contains an improper authorization vulnerability in the administrator draft autosave endpoint. A low-privileged authenticated user can send an arbitrary post_id to POST /admin/post_type/<POST_TYPE_ID>/drafts and overwrite the draft associated with another user's post.

Question 2

What is the authoritative source for CVE-2026-10715?

Accepted Answer

CVE-2026-10715 (CVE-2026-10715) is catalogued in NVD + CISA KEV + FIRST EPSS and curated for EU compliance use cases by SQUR.

EPSS	0.21% probability of exploitation · percentile 11.8% · 2026-06-18T12:00:27Z
Last modified	2026-06-15

CVE-2026-10715CVE-2026-10715

Description

Scoring