CNNVD-202602-559 Information
CNNVD ID
CNNVD-202602-559
Related CVE
- CNNVD Published: 2026-02-04
Description (Chinese)
Wagtail是Wagtail开源的一套开源的内容管理系统(CMS)。 Wagtail 6.3.6之前版本、7.0.4之前版本、7.1.3之前版本、7.2.2之前版本和7.3之前版本存在安全漏洞,该漏洞源于预览端点缺少权限检查,可能导致获取任意页面、片段或站点设置的预览渲染。
Description (English)
Wagtail is an open-source content management system (CMS) for Wagtail open source. There is a security loophole in the previous version of Wagtail 6.3.6, the previous version of 7.4, the previous version of 7.1.3, the previous version of 7.2.2 and the previous version of 7.3, which arises from the lack of permission checks at the preview end point, which may lead to any preview rendering of any page, segment or site settings.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Wagtail
Published
2026-02-04
Last Modified
2026-02-24
References
https://github.com/wagtail/wagtail/commit/01fd3477365a193e6a8270311defb76e890d2719 https://github.com/wagtail/wagtail/commit/5f09b6da61e779b0e8499bdbba52bf2f7bd3241f https://github.com/wagtail/wagtail/commit/73f070dbefbd3b39ea6649ce36bd2d2a6eef2190 https://github.com/wagtail/wagtail/commit/7dfe8de5f8b3f112c73c87b6729197db16454915 https://github.com/wagtail/wagtail/commit/dd824023a031f1b82a6b6f83a97a5c73391b7c03 https://github.com/wagtail/wagtail/security/advisories/GHSA-4qvv-g3vr-m348
Patch
https://github.com/wagtail/wagtail/releases
Share on: