CVE-2026-44201

Wagtail: Improper restriction handling on Documents and Images API

CVSS 5.3 MEDIUMEPSS 0.3%CWE-280

Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, the Documents and Images API incorrectly listed items in private collections. A user with access to the API could see the filename and name of documents and images in private collections. This vulnerability is fixed in 7.0.7, 7.3.2, and 7.4.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Produtos afetados

wagtail · wagtail

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/wagtail/wagtail/security/advisories/GHSA-p5gm-92h4-6pv6