Back to overview

CVE-2026-16212

MEDIUM
4.2
CVSS 3.1
Description
A vulnerability was identified in awesto django-shop up to 1.2.4. Affected is an unknown function of the file shop/models/inventory.py of the component Purchase Stock Handler. The manipulation leads to race condition. The attack is possible to be carried out remotely. The attack is considered to have high complexity. The exploitability is told to be difficult. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.

Metadata

CVE ID
CVE-2026-16212
State
PUBLISHED
Assigner
VulDB
Reserved
2026-07-18 08:48 UTC
Published
2026-07-19 03:45 UTC
Last updated
2026-07-19 03:45 UTC
Primary CWE
CWE-362
Race Condition
Vendor / Product
awesto / django-shop
Sources
cve.org  ·  NVD

Severity & Metrics

4.2 MEDIUM CVSS 3.1
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R
Affected products (1)
VendorProductPlatformVersions
awesto django-shop 1.2.0, 1.2.1, 1.2.2, 1.2.3 …
Weakness (CWE)
CWESourceDescription
CWE-362 cna Race Condition
CVSS scores (4)
ScoreSeverityVersionSourceVector
4.2 MEDIUM 3.1 cna CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R
4.2 MEDIUM 3.0 cna CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R
3.6 N/D 2.0 cna AV:N/AC:H/Au:S/C:N/I:P/A:P/E:POC/RL:ND/RC:UR
2.3 LOW 4.0 cna CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
References (6)
Back to overview