Back to overview

CVE-2026-16215

MEDIUM
6.5
CVSS 3.1
Description
A security flaw has been discovered in geex-arts django-jet up to 1.0.8. This impacts an unknown function of the component OAuth Credential Revoke Handler. Performing a manipulation results in missing authorization. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

Metadata

CVE ID
CVE-2026-16215
State
PUBLISHED
Assigner
VulDB
Reserved
2026-07-18 09:51 UTC
Published
2026-07-19 04:30 UTC
Last updated
2026-07-19 04:30 UTC
Primary CWE
CWE-862
Missing Authorization
Vendor / Product
geex-arts / django-jet
Sources
cve.org  ·  NVD

Severity & Metrics

6.5 MEDIUM CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R
Affected products (1)
VendorProductPlatformVersions
geex-arts django-jet 1.0.0, 1.0.1, 1.0.2, 1.0.3 …
Weakness (CWE)
CWESourceDescription
CWE-862 cna Missing Authorization
CWE-863 cna Incorrect Authorization
CVSS scores (4)
ScoreSeverityVersionSourceVector
6.9 MEDIUM 4.0 cna CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
6.5 MEDIUM 3.1 cna CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R
6.5 MEDIUM 3.0 cna CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R
6.4 N/D 2.0 cna AV:N/AC:L/Au:N/C:N/I:P/A:P/E:POC/RL:ND/RC:UR
References (6)
Back to overview