CVE-2026-16213
LOW
3.3
CVSS 3.1
Description
A security flaw has been discovered in Fantomas42 django-blog-zinnia up to 0.20. Affected by this vulnerability is an unknown functionality of the file zinnia/views/mixins/entry_protection.py of the component Protected Entry Password Handler. The manipulation results in cleartext storage of sensitive information. The attack needs to be approached locally. The project was informed of the problem early through an issue report but has not responded yet.
Metadata
Severity & Metrics
3.3
LOW CVSS 3.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:R
Affected products (1)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| Fantomas42 | django-blog-zinnia | — | 0.1, 0.2, 0.3, 0.4 … |
Weakness (CWE)
CVSS scores (4)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 4.8 | MEDIUM | 4.0 | cna | CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X |
| 3.3 | LOW | 3.1 | cna | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:R |
| 3.3 | LOW | 3.0 | cna | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:R |
| 1.7 | N/D | 2.0 | cna | AV:L/AC:L/Au:S/C:P/I:N/A:N/E:ND/RL:ND/RC:UR |
References (6)
- VDB-380029 | Fantomas42 django-blog-zinnia Protected Entry Password entry_protection.py cleartext storage https://vuldb.com/vuln/380029
- VDB-380029 | CTI Indicators (IOB, IOC, TTP, IOA) https://vuldb.com/vuln/380029/cti
- CVE-2026-16213 | CVE Analysis and Report https://vuldb.com/cve/CVE-2026-16213
- Submit #857944 | Fantomas42 django-blog-zinnia 881101a9d1d455b2fc581d6f4ae0947cdd8126c6 CWE-312 Cleartext Storage of Sensitive Information https://vuldb.com/submit/857944
- https://github.com/Fantomas42/django-blog-zinnia/issues/595
- https://github.com/Fantomas42/django-blog-zinnia/