Back to overview

CVE-2026-16216

MEDIUM
4.3
CVSS 3.1
Description
A weakness has been identified in geex-arts django-jet up to 1.0.8. Affected is an unknown function of the component OAuth Handler. Executing a manipulation can lead to cross-site request forgery. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

Metadata

CVE ID
CVE-2026-16216
State
PUBLISHED
Assigner
VulDB
Reserved
2026-07-18 09:51 UTC
Published
2026-07-19 05:00 UTC
Last updated
2026-07-19 05:00 UTC
Primary CWE
CWE-352
Cross-Site Request Forgery
Vendor / Product
geex-arts / django-jet
Sources
cve.org  ·  NVD

Severity & Metrics

4.3 MEDIUM CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R
Affected products (1)
VendorProductPlatformVersions
geex-arts django-jet 1.0.0, 1.0.1, 1.0.2, 1.0.3 …
Weakness (CWE)
CWESourceDescription
CWE-352 cna Cross-Site Request Forgery
CWE-862 cna Missing Authorization
CVSS scores (4)
ScoreSeverityVersionSourceVector
5.3 MEDIUM 4.0 cna CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
5.0 N/D 2.0 cna AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR
4.3 MEDIUM 3.1 cna CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R
4.3 MEDIUM 3.0 cna CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R
References (6)
Back to overview