
4 matches found

CVE
added 2026/05/28 5:1 p.m., 12 views

CVE-2026-44794

Summary of CVE-2026-44794: Nautobot’s REST API, prior to versions 2.4.33 and 3.1.2, failed to enforce user permissions when validating inter-object references made via GenericForeignKey during create/update of objects containing such references. This could allow a user to reference an object they ...

CVSS 5.4 | AI score 5.8 | EPSS 0.00177
Exploits: 0 | References: 5 | Affected Software: 1
Cvelist
added 2026/05/28 5:1 p.m., 29 views

CVE-2026-44794 Nautobot: REST API permits creation of GenericForeignKey references to objects that the user should not be able to reference

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, in the case of inter-object references via GenericForeignKey (a pattern allowing an object to reference another object that may belong to one of several different "content types" or database tables),...

CVSS 5.4 | EPSS 0.00177
Exploits: 0 | References: 5
OSV
added 2026/05/13 3:30 p.m., 1 views

GHSA-WPXJ-44W3-2J6X Nautobot: REST API permits creation of GenericForeignKey references to objects that the user should not be able to reference

Impact: In the case of inter-object references via GenericForeignKey (a pattern allowing an object to reference another object that may belong to one of several different "content types" or database tables), when creating or updating an object containing a GenericForeignKey, Nautobot's REST API fail...

CVSS 5.4 | AI score 5.7 | EPSS 0.00177
Exploits: 0 | References: 7
Positive Technologies
added 2026/05/13 12:0 a.m., 9 views

PT-2026-40717

Name of the Vulnerable Software and Affected Versions: Nautobot versions prior to 2.4.33; Nautobot versions prior to 3.1.2. Description: Nautobot is a Network Source of Truth and Network Automation Platform. The REST API fails to enforce user view permissions when creating or updating objects that us...

CVSS 5.4 | AI score 5.8 | EPSS 0.00177
Exploits: 0 | References: 8