19 matches found

RedhatCVE
added 2026/06/05 7:25 p.m. | 10 views

CVE-2026-44199

Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to form pages could delete submissions to form pages they don't have access to by crafting a form submission to delete submissions on a page they do have access to f...

CVSS 6.5 | AI score 5.4 | EPSS 0.00174
Exploits: 0 | References: 1
vulnersOsv
added 2026/05/11 4:17 p.m. | 7 views

aratinga (=0.1.0a0.dev3), coop (>=7.1.0 <=7.2.1) +7 more potentially affected by CVE-2026-44200 via wagtail (>=7.1.0 <=7.2.3)

wagtail PYPI version =7.1.0, =7.1.0, =1.1.1, =2.0.0, =0.0.1, =7.1.0a1, =7.2.0b0 Source cves: CVE-2026-44200 Source advisory: OSV:PYSEC-2026-149...

CVSS 6.5 | AI score 5.8 | EPSS 0.00201
Exploits: 0
vulnersOsv
added 2026/05/11 4:17 p.m. | 8 views

aratinga (=0.1.0a0.dev3), coop (>=7.1.0 <=7.2.1) +7 more potentially affected by CVE-2026-44197 via wagtail (>=7.1.0 <=7.2.3)

wagtail PYPI version =7.1.0, =7.1.0, =1.1.1, =2.0.0, =0.0.1, =7.1.0a1, =7.2.0b0 Source cves: CVE-2026-44197 Source advisory: OSV:PYSEC-2026-146...

CVSS 6.5 | AI score 5.8 | EPSS 0.00204
Exploits: 0
CNNVD
added 2026/05/11 12:0 a.m. | 10 views

Wagtail security vulnerability

Wagtail is an open-source content management system (CMS) developed by Wagtail. Versions of Wagtail prior to 7.0.7, 7.3.2, and 7.4 contained security vulnerabilities. These vulnerabilities stemmed from the ability for CMS users to submit content by constructing forms that allowed them to delete for...

CVSS 6.5 | AI score 5.8 | EPSS 0.00174
Exploits: 0 | References: 1
Snyk
added 2026/05/08 8:23 p.m. | 9 views

Improper Handling of Insufficient Permissions or Privileges

Overview: wagtail is an open source content management system built on Django. Affected versions of this package are vulnerable to Improper Handling of Insufficient Permissions or Privileges on page copy. An attacker can gain unauthorized access to restricted page content by copying pages from are...

CVSS 7.1 | AI score 5.8 | EPSS 0.00201
Exploits: 0 | References: 2
vulnersOsv
added 2026/05/08 8:20 p.m. | 8 views

aratinga (=0.1.0a0.dev3), coop (>=7.1.0 <=7.2.1) +7 more potentially affected by CVE-2026-44199 via wagtail (>=7.1.0 <=7.2.3)

wagtail PYPI version =7.1.0, =7.1.0, =1.1.1, =2.0.0, =0.0.1, =7.1.0a1, =7.2.0b0 Source cves: CVE-2026-44199 Source advisory: OSV:GHSA-PWM3-7FV4-G6XX...

CVSS 6.5 | AI score 5.8 | EPSS 0.00174
Exploits: 0
GitHub Security Blog
added 2026/05/08 8:19 p.m. | 14 views

Wagtail has improper permission handling when viewing page history

Impact: A CMS user without the ability to edit a page could still access the history report for the page, potentially resulting in disclosure of sensitive information. Patches: Patched versions have been released as Wagtail 7.0.7 and 7.3.2. The new 7.4 LTS feature release also incorporates this fix...

CVSS 4.3 | AI score 5.8 | EPSS 0.00162
Exploits: 0 | References: 4 | Affected Software: 1
vulnersOsv
added 2026/05/08 8:17 p.m. | 7 views

aratinga (=0.1.0a0.dev3), coop (>=7.1.0 <=7.2.1) +7 more potentially affected by CVE-2026-44197 via wagtail (>=7.1.0 <=7.2.3)

wagtail PYPI version =7.1.0, =7.1.0, =1.1.1, =2.0.0, =0.0.1, =7.1.0a1, =7.2.0b0 Source cves: CVE-2026-44197 Source advisory: OSV:GHSA-C6WJ-9VCJ-75PJ...

CVSS 6.5 | AI score 5.8 | EPSS 0.00204
Exploits: 0
vulnersOsv
added 2026/03/03 5:59 p.m. | 5 views

aratinga (=0.1.0a0.dev3), coop (=7.1.0) +5 more potentially affected by CVE-2026-28223 via wagtail (>=7.1.0 <=7.1.3)

wagtail PYPI version =7.1.0, =1.1.1, =2.0.0, =0.0.1, =7.1.0a1, =7.1.0b0 Source cves: CVE-2026-28223 Source advisory: SNYK:PYTHON-WAGTAIL-15371182...

CVSS 6.1 | AI score 5.8 | EPSS 0.00459
Exploits: 0
vulnersOsv
added 2026/03/03 5:59 p.m. | 3 views

alertwise (=1.0.0), cjkcms-seo (=2.4.0) +19 more potentially affected by CVE-2026-28223 via wagtail (>=6.0.0 <=6.3.1)

wagtail PYPI version =6.0.0, =6.0.0, =2.1.0, =0.1.1, =1.9.0, =2.8.0, =0.0.9, =0.14.0, =0.6.0, =0.1.0, =0.2.0 - wagtail-sb-codefield =0.4.0 and more Source cves: CVE-2026-28223 Source advisory: SNYK:PYTHON-WAGTAIL-15371182...

CVSS 6.1 | AI score 5.8 | EPSS 0.00459
Exploits: 0
RedhatCVE
added 2026/02/06 1:25 a.m. | 5 views

CVE-2026-25517

Wagtail is an open source content management system built on Django. Prior to versions 6.3.6, 7.0.4, 7.1.3, 7.2.2, and 7.3, due to a missing permission check on the preview endpoints, a user with access to the Wagtail admin and knowledge of a model's fields can craft a form submission to obtain a...

CVSS 5.1 | AI score 5.3 | EPSS 0.00343
Exploits: 0 | References: 1
CNNVD
added 2026/02/04 12:0 a.m. | 5 views

Wagtail security vulnerability

Wagtail is an open-source content management system (CMS) developed by Wagtail. Vulnerabilities exist in versions prior to Wagtail 6.3.6, 7.0.4, 7.1.3, 7.2.2, and 7.3. These vulnerabilities stem from the lack of permission checks on preview endpoints, which could allow unauthorized access to any...

CVSS 5.1 | AI score 6 | EPSS 0.00343
Exploits: 0 | References: 6
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2020-0237

Malware in sbrugna...

CVSS 5.7 | AI score 5.4 | EPSS 0.01083
Exploits: 0 | References: 8
vulnersOsv
added 2024/05/01 4:35 p.m. | 2 views

cjkcms-seo (=2.4.0), wagtail-liveedit (>=0.0.9 <=0.0.10) +8 more potentially affected by CVE-2024-32882 via wagtail (>=6.0.0 <=6.0.2)

wagtail PYPI version =6.0.0, =0.0.9, =0.14.0, =0.6.0, =0.1.0, =0.1.0, =0.1.0, =0.2.0 Source cves: CVE-2024-32882 Source advisory: OSV:GHSA-W2V8-PHP4-P8HC...

CVSS 2.7 | AI score 5.8 | EPSS 0.00479
Exploits: 0
vulnersOsv
added 2023/10/19 3:50 p.m. | 4 views

coderedcms (>=2.0.0 <=2.1.4), puput (=1.2.0) +31 more potentially affected by CVE-2023-45809 via wagtail (>=4.2.4 <=5.0.0rc1)

wagtail PYPI version =4.2.4, =2.0.0, =0.1.0, =0.3.4, =0.0.1, =1.6.0, =0.18.0, =0.19.2 - wagtail-hallo =0.3.0 - wagtail-images-deduplicator =1.0.0a1 and more Source cves: CVE-2023-45809 Source advisory: OSV:GHSA-FC75-58R8-RM3H...

CVSS 2.7 | AI score 5.8 | EPSS 0.00454
Exploits: 0
vulnersOsv
added 2021/04/19 7:15 p.m. | 3 views

wagtail-resume (=1.3.0), wagtail-social-share (>=0.0.6 <=0.1.1) potentially affected by CVE-2021-29434 via wagtail (>=2.12.0 <=2.12.2)

wagtail PYPI version =2.12.0, =0.0.6, =0.1.1 Source cves: CVE-2021-29434 Source advisory: OSV:PYSEC-2021-114...

CVSS 6.1 | AI score 6 | EPSS 0.00626
Exploits: 0
vulnersOsv
added 2021/04/19 7:15 p.m. | 3 views

coop (>=0.3.1 <=2.10.2), django-oscar-wagtail (=0.0.5) +36 more potentially affected by CVE-2021-29434 via wagtail (>=1.0.0 <=2.10.2)

wagtail PYPI version =1.0.0, =0.3.1, =0.1.1, =5.22.3, =6.3.0, =0.0.1, =0.1.0, =2.0.7, =0.3.1, =0.5.4, =0.4.1, =1.1.1 and more Source cves: CVE-2021-29434 Source advisory: OSV:PYSEC-2021-114...

CVSS 6.1 | AI score 6 | EPSS 0.00626
Exploits: 0
vulnersOsv
added 2020/05/07 6:4 p.m. | 5 views

wagtail-metadata-mixin (=0.0.7), wagtailperson (>=0.9.8 <=0.10.0) potentially affected by CVE-2020-11037 via wagtail (>=2.8.0 <=2.8.1)

wagtail PYPI version =2.8.0, =0.9.8, =0.10.0 Source cves: CVE-2020-11037 Source advisory: OSV:GHSA-JJJR-3JCW-F8V6...

CVSS 6.1 | AI score 6 | EPSS 0.0025
Exploits: 0
vulnersOsv
added 2020/04/30 11:15 p.m. | 4 views

wagtail-metadata-mixin (=0.0.7), wagtailperson (>=0.9.8 <=0.10.0) potentially affected by CVE-2020-11037 via wagtail (>=2.8.0 <=2.8.1)

wagtail PYPI version =2.8.0, =0.9.8, =0.10.0 Source cves: CVE-2020-11037 Source advisory: OSV:PYSEC-2020-153...

CVSS 6.1 | AI score 6 | EPSS 0.0025
Exploits: 0