Broken Access Control Vulnerability in Textpattern CMS by Textpattern
CVE-2026-30452

6.5MEDIUM

Key Information:

Vendor: Textpattern
Status: Textpattern CMS
Vendor: CVE Published:; 21 April 2026

🔔 Create Textpattern Vulnerability Alert

What is CVE-2026-30452?

Textpattern CMS version 4.9.0 contains a security flaw in its article management system. This vulnerability permits authenticated users with limited privileges to manipulate the article ID parameter, allowing them to modify articles created by users with elevated privileges. This breach occurs during the duplicate-and-save process in the file located at textpattern/include/txp_article.php. By exploiting this flaw, attackers can override content belonging to other users, raising serious concerns about data integrity and access control within the content management system.

References

https://github.com/textpattern/textpattern

https://textpattern.com/weblog/textpattern-491-released-s...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 21, 2026
Vulnerability Reserved
Mar 4, 2026

CVE-2026-30452 Data

JSON