Back to overview

CVE-2026-16213

LOW
3.3
CVSS 3.1
Description
A security flaw has been discovered in Fantomas42 django-blog-zinnia up to 0.20. Affected by this vulnerability is an unknown functionality of the file zinnia/views/mixins/entry_protection.py of the component Protected Entry Password Handler. The manipulation results in cleartext storage of sensitive information. The attack needs to be approached locally. The project was informed of the problem early through an issue report but has not responded yet.

Metadata

CVE ID
CVE-2026-16213
State
PUBLISHED
Assigner
VulDB
Reserved
2026-07-18 08:52 UTC
Published
2026-07-19 04:00 UTC
Last updated
2026-07-19 04:00 UTC
Primary CWE
CWE-312
Cleartext Storage of Sensitive Information
Vendor / Product
Fantomas42 / django-blog-zinnia
Sources
cve.org  ·  NVD

Severity & Metrics

3.3 LOW CVSS 3.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:R
Affected products (1)
VendorProductPlatformVersions
Fantomas42 django-blog-zinnia 0.1, 0.2, 0.3, 0.4 …
Weakness (CWE)
CWESourceDescription
CWE-310 cna Cryptographic Issues
CWE-312 cna Cleartext Storage of Sensitive Information
CVSS scores (4)
ScoreSeverityVersionSourceVector
4.8 MEDIUM 4.0 cna CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X
3.3 LOW 3.1 cna CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:R
3.3 LOW 3.0 cna CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:R
1.7 N/D 2.0 cna AV:L/AC:L/Au:S/C:P/I:N/A:N/E:ND/RL:ND/RC:UR
References (6)
Back to overview