CVE-2026-54262
MEDIUM
4.3
CVSS 3.1
Description
Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, a low-level user with the "Can submit translation" permission can create translations for any page, including those they do not have permissions for. This issue has been fixed in versions 7.0.8, 7.3.3, and 7.4.2.
Metadata
Severity & Metrics
4.3
MEDIUM CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected products (1)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| wagtail | wagtail | — | < 7.0.8, >= 7.1.0, < 7.3.3, >= 7.4.0, < 7.4.2 |
Weakness (CWE)
| CWE | Source | Description |
|---|---|---|
| CWE-280 | cna | CWE-280: Improper Handling of Insufficient Permissions or Privileges |
CVSS scores (1)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 4.3 | MEDIUM | 3.1 | cna | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
References (1)
- https://github.com/wagtail/wagtail/security/advisories/GHSA-8634-mr4j-r72c https://github.com/wagtail/wagtail/security/advisories/GHSA-8634-mr4j-r72c