CVE-2026-44197 | THREATINT

Description

Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could access revisions of the page through the revision compare view if they knew the primary key of two revisions. This could potentially result in disclosure of sensitive information. This vulnerability is fixed in 7.0.7, 7.3.2, and 7.4.

PUBLISHED Reserved 2026-05-05 | Published 2026-05-11 | Updated 2026-05-11 | Assigner GitHub_M

MEDIUM: 6.5CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Problem types

CWE-280: Improper Handling of Insufficient Permissions or Privileges

Product status

< 7.0.7

affected

>= 7.1, < 7.3.2

affected

References

github.com/...agtail/security/advisories/GHSA-c6wj-9vcj-75pj

cve.org (CVE-2026-44197)

nvd.nist.gov (CVE-2026-44197)

Download JSON