CVE-2026-16214
MEDIUM
6.3
CVSS 3.1
Description
A vulnerability was identified in geex-arts django-jet up to 1.0.8. This affects an unknown function of the file jet/dashboard/views.py of the component Dashboard Module. Such manipulation leads to authorization bypass. The attack can be executed remotely. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.
Metadata
Severity & Metrics
6.3
MEDIUM CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
Affected products (1)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| geex-arts | django-jet | — | 1.0.0, 1.0.1, 1.0.2, 1.0.3 … |
Weakness (CWE)
CVSS scores (4)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 6.5 | N/D | 2.0 | cna | AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR |
| 6.3 | MEDIUM | 3.1 | cna | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R |
| 6.3 | MEDIUM | 3.0 | cna | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R |
| 5.3 | MEDIUM | 4.0 | cna | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
References (6)
- VDB-380037 | geex-arts django-jet Dashboard views.py authorization https://vuldb.com/vuln/380037
- VDB-380037 | CTI Indicators (IOB, IOC, IOA) https://vuldb.com/vuln/380037/cti
- CVE-2026-16214 | CVE Analysis and Report https://vuldb.com/cve/CVE-2026-16214
- Submit #857945 | geex-arts django-jet 0cc1e636109f680de6759ac30c0b14ef980883bc CWE-639 Authorization Bypass Through User-Controlled Key https://vuldb.com/submit/857945
- https://github.com/geex-arts/django-jet/issues/528
- https://github.com/geex-arts/django-jet/