10 matches found
CVE-2026-44198
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could still access the history report for the page, potentially resulting in disclosure of sensitive information. This vulnerability is fixed in 7.0.7...
CVE-2026-44201
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, the Documents and Images API incorrectly listed items in private collections. A user with access to the API could see the filename and name of documents and images in private collections. This...
PYSEC-2026-150
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, the Documents and Images API incorrectly listed items in private collections. A user with access to the API could see the filename and name of documents and images in private collections. This...
PYSEC-2026-147
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could still access the history report for the page, potentially resulting in disclosure of sensitive information. This vulnerability is fixed in 7.0.7...
PT-2026-39234
Name of the Vulnerable Software and Affected Versions: Wagtail versions prior to 7.0.7; Wagtail versions prior to 7.3.2. Description: A CMS user with limited access to form pages can delete submissions for pages they are not authorized to access. This is achieved by crafting a form submission to dele...
EUVD-2026-5345
Wagtail is an open source content management system built on Django. Prior to versions 6.3.6, 7.0.4, 7.1.3, 7.2.2, and 7.3, due to a missing permission check on the preview endpoints, a user with access to the Wagtail admin and knowledge of a model's fields can craft a form submission to obtain a...
Wagtail CMS Security Vulnerability
Wagtail CMS is a content management system from Wagtail Open Source. A security vulnerability exists in Wagtail CMS version 6.4.1, which stems from a stored cross-site scripting attack due to the document upload feature...
Wagtail Cross-Site Scripting Vulnerability
Torchbox Wagtail is an open source content management system (CMS) from the UK-based Torchbox. A cross-site scripting vulnerability exists in Wagtail versions 1.5 through 4.1.4, 4.2, and 4.2.1, which stems from a memory exhaustion issue in Wagtail's handling of uploaded images and documents,...
PYSEC-2022-13
Wagtail is a Django based content management system focused on flexibility and user experience. When notifications for new replies in comment threads are sent, they are sent to all users who have replied or commented anywhere on the site, rather than only in the relevant threads. This means that ...
Wagtail Cross-Site Scripting Vulnerability
Torchbox Wagtail is an open source content management system (CMS) from Torchbox UK. A security vulnerability exists in Wagtail that stems from the fact that Wagtail does not apply server-side checks to ensure that the link URL uses a valid protocol...