23 matches found
PYSEC-2026-1688 Nautobot's BANNER_* configuration can be used to inject arbitrary HTML content into Nautobot pages
Impact A Nautobot user with admin privileges can modify the BANNERTOP, BANNERBOTTOM, and BANNERLOGIN configuration settings via the /admin/constance/config/ endpoint. Normally these settings are used to provide custom banner text at the top and bottom of all Nautobot web pages or specifically on...
nautobot-app-intent-networking (>=2.0.9 <=2.0.11), nautobot-bgp-models (>=3.0.0a1 <=3.0.0a2) +13 more potentially affected by CVE-2026-44798 via nautobot (>=3.0.0rc2 <=3.1.1)
nautobot PYPI version =3.0.0rc2, =2.0.9, =3.0.0a1, =3.0.0rc1, =4.0.0a1, =3.0.0a1, =4.0.0a1, =4.0.0a2 - nautobot-ssot =4.0.0a1 - nautobot-welcome-wizard =3.0.0a1 Source cves: CVE-2026-44798 Source advisory: SNYK:PYTHON-NAUTOBOT-16691141...
nautobot-app-intent-networking (>=2.0.9 <=2.0.11), nautobot-bgp-models (>=3.0.0a1 <=3.0.0a2) +13 more potentially affected by CVE-2026-44797 via nautobot (>=3.0.0rc2 <=3.1.1)
nautobot PYPI version =3.0.0rc2, =2.0.9, =3.0.0a1, =3.0.0rc1, =4.0.0a1, =3.0.0a1, =4.0.0a1, =4.0.0a2 - nautobot-ssot =4.0.0a1 - nautobot-welcome-wizard =3.0.0a1 Source cves: CVE-2026-44797 Source advisory: OSV:GHSA-C35Q-VXRP-PH26...
nautobot-app-intent-networking (>=2.0.9 <=2.0.11), nautobot-bgp-models (>=3.0.0a1 <=3.0.0a2) +13 more potentially affected by CVE-2026-44796 via nautobot (>=3.0.0rc2 <=3.1.1)
nautobot PYPI version =3.0.0rc2, =2.0.9, =3.0.0a1, =3.0.0rc1, =4.0.0a1, =3.0.0a1, =4.0.0a1, =4.0.0a2 - nautobot-ssot =4.0.0a1 - nautobot-welcome-wizard =3.0.0a1 Source cves: CVE-2026-44796 Source advisory: SNYK:PYTHON-NAUTOBOT-16691221...
nautobot-app-intent-networking (>=2.0.9 <=2.0.11), nautobot-bgp-models (>=3.0.0a1 <=3.0.0a2) +13 more potentially affected by CVE-2026-44794 via nautobot (>=3.0.0rc2 <=3.1.1)
nautobot PYPI version =3.0.0rc2, =2.0.9, =3.0.0a1, =3.0.0rc1, =4.0.0a1, =3.0.0a1, =4.0.0a1, =4.0.0a2 - nautobot-ssot =4.0.0a1 - nautobot-welcome-wizard =3.0.0a1 Source cves: CVE-2026-44794 Source advisory: SNYK:PYTHON-NAUTOBOT-16691222...
nautobot-app-intent-networking (>=2.0.9 <=2.0.11), nautobot-bgp-models (>=3.0.0a1 <=3.0.0a2) +13 more potentially affected by CVE-2026-44794 via nautobot (>=3.0.0rc2 <=3.1.1)
nautobot PYPI version =3.0.0rc2, =2.0.9, =3.0.0a1, =3.0.0rc1, =4.0.0a1, =3.0.0a1, =4.0.0a1, =4.0.0a2 - nautobot-ssot =4.0.0a1 - nautobot-welcome-wizard =3.0.0a1 Source cves: CVE-2026-44794 Source advisory: OSV:GHSA-WPXJ-44W3-2J6X...
PT-2026-40720
Name of the Vulnerable Software and Affected Versions Nautobot versions prior to 2.4.33 Nautobot versions prior to 3.1.2 Description A user with permissions to add or modify a GitRepository record can use the REST API to directly set the current head field, which is not intended to be...
Nautobot: Management of users via REST API does not apply configured password validators
Impact In Nautobot versions prior to 2.4.30 or prior to 3.0.10, user creation and editing via the REST API fails to apply the password validation rules defined by Django's AUTHPASSWORDVALIDATORS setting which defaults to an empty list, i.e., no specific rules, but can be configured in Nautobot's...
nautobot-device-resources (=1.0.0), nautobot-fsus (>=2.0.0 <=2.0.2) +2 more potentially affected by CVE-2025-49143 via nautobot (>=2.0.0 <=2.3.4)
nautobot PYPI version =2.0.0, =2.0.0, =2.0.0, =2.5.0 - nautobot-ssot-unifi =1.0.2 Source cves: CVE-2025-49143 Source advisory: OSV:GHSA-RH67-4C8J-HJJH...
nautobot-device-resources (=1.0.0), nautobot-fsus (>=2.0.0 <=2.0.2) +2 more potentially affected by CVE-2025-49143 via nautobot (>=2.0.0 <=2.3.4)
nautobot PYPI version =2.0.0, =2.0.0, =2.0.0, =2.5.0 - nautobot-ssot-unifi =1.0.2 Source cves: CVE-2025-49143 Source advisory: SNYK:PYTHON-NAUTOBOT-10337820...
nautobot-chatops (>=1.6.0 <=1.7.1), nautobot-chatops-arista-cloudvision (>=1.0.1 <=1.3.0) +7 more potentially affected by CVE-2025-49143 via nautobot (>=1.0.3 <=1.5.16)
nautobot PYPI version =1.0.3, =1.6.0, =1.0.1, =1.1.0, =0.9.2, =1.5.0, =0.9.0, =0.1.0, =0.1.0, =0.2.0 Source cves: CVE-2025-49143 Source advisory: SNYK:PYTHON-NAUTOBOT-10337820...
nautobot-device-resources (=1.0.0), nautobot-fsus (>=2.0.0 <=2.0.2) +2 more potentially affected by CVE-2025-49142 via nautobot (>=2.0.0 <=2.3.4)
nautobot PYPI version =2.0.0, =2.0.0, =2.0.0, =2.5.0 - nautobot-ssot-unifi =1.0.2 Source cves: CVE-2025-49142 Source advisory: OSV:PYSEC-2025-79...
CVE-2025-49143
Summary: CVE-2025-49143 affects Nautobot before v2.4.10 and v1.6.32. The issue is improper access control on files stored in Nautobot’s MEDIA_ROOT, including DeviceType images and other attachments, which could be retrieved by anonymous users via guessed URLs. Affected versions: Nautobot 2.x vers...
CVE-2025-49142 Nautobot vulnerable to secrets exposure and data manipulation through Jinja2 templating
Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions prior to 2.4.10 or prior to 1.6.32 are potentially affected. Due to insufficient security configuration of the Jinja2 templating feature used in computed fields, custom links, etc. in Nautobot, a...
nautobot-device-resources (=1.0.0), nautobot-fsus (>=2.0.0 <=2.0.2) +1 more potentially affected by CVE-2024-36112 via nautobot (>=2.0.0 <=2.2.9)
nautobot PYPI version =2.0.0, =2.0.0, =2.0.0, =2.5.0 Source cves: CVE-2024-36112 Source advisory: OSV:PYSEC-2024-166...
nautobot-chatops (>=1.6.0 <=1.7.1), nautobot-chatops-arista-cloudvision (>=1.0.1 <=1.3.0) +7 more potentially affected by CVE-2024-29199 via nautobot (>=1.0.3 <=1.5.16)
nautobot PYPI version =1.0.3, =1.6.0, =1.0.1, =1.1.0, =0.9.2, =1.5.0, =0.9.0, =0.1.0, =0.1.0, =0.2.0 Source cves: CVE-2024-29199 Source advisory: OSV:GHSA-M732-WVH2-7CQ4...
nautobot-bgp-models (>=0.7.0 <=1.0.0), nautobot-capacity-metrics (>=1.1.0 <=2.1.1) +25 more potentially affected by CVE-2023-51649 via nautobot (>=1.5.16 <=1.6.32)
nautobot PYPI version =1.5.16, =0.7.0, =1.1.0, =1.8.0, =1.0.0, =1.0.1, =1.0.0, =1.0.0, =1.0.0, =1.1.0, =1.0.0, =0.9.0, =1.1.0, =1.2.1 and more Source cves: CVE-2023-51649 Source advisory: OSV:GHSA-VF5M-XRHM-V999...
nautobot-bgp-models (>=0.7.0 <=1.0.0), nautobot-capacity-metrics (>=1.1.0 <=2.1.1) +25 more potentially affected by CVE-2023-51649 via nautobot (>=1.5.16 <=1.6.32)
nautobot PYPI version =1.5.16, =0.7.0, =1.1.0, =1.8.0, =1.0.0, =1.0.1, =1.0.0, =1.0.0, =1.0.0, =1.1.0, =1.0.0, =0.9.0, =1.1.0, =1.2.1 and more Source cves: CVE-2023-51649 Source advisory: OSV:PYSEC-2023-287...
nautobot-bgp-models (>=0.7.0 <=1.0.0), nautobot-capacity-metrics (>=1.1.0 <=2.1.1) +27 more potentially affected by CVE-2023-48705 via nautobot (>=1.0.3 <=1.6.32)
nautobot PYPI version =1.0.3, =0.7.0, =1.1.0, =1.6.0, =1.0.0, =1.0.1, =1.0.0, =1.0.0, =1.0.0, =1.1.0, =1.0.0, =0.9.0, =1.1.0, =1.2.1 and more Source cves: CVE-2023-48705 Source advisory: OSV:GHSA-CF9F-WMHP-V4PR...
nautobot-bgp-models (>=0.7.0 <=1.0.0), nautobot-capacity-metrics (>=1.1.0 <=2.1.1) +27 more potentially affected by CVE-2023-48705 via nautobot (>=1.0.3 <=1.6.32)
nautobot PYPI version =1.0.3, =0.7.0, =1.1.0, =1.6.0, =1.0.0, =1.0.1, =1.0.0, =1.0.0, =1.0.0, =1.1.0, =1.0.0, =0.9.0, =1.1.0, =1.2.1 and more Source cves: CVE-2023-48705 Source advisory: OSV:PYSEC-2023-285...