CVE-2026-44199
Wagtail has improper permission handling when deleting form submissions
6.5
MEDIUM
CVSS 3.1
EPSS 0.03%
Description
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to form pages could delete submissions to form pages they don't have access to by crafting a form submission, on a page they do have access to, that deletes submissions they don't have access to. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. This vulnerability is fixed in 7.0.7, 7.3.2, and 7.4.
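How to fix CVE-2026-44199
To fix CVE-2026-44199, upgrade the affected packages to the patched versions listed below.
- Upgrade to 7.0.7 or later
- Upgrade to 7.0.7 or later
Is CVE-2026-44199 being exploited?
Low. EPSS is 0.0%, and no large-scale exploitation activity has been observed at this time.
Affected packages (2)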
- from 0, < 7.0.7
- from 0, < 7.0.7, >= 7.1, < 7.3.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |