PT-2026-24466 · Unknown · Django-Unicorn

Rinz27 · Published 2026-03-10 · Updated 2026-03-11 · CVE-2026-31815

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Unicorn versions prior to 0.67.0

Description

A flaw exists in django-unicorn that allows manipulation of component state due to insufficient access control checks when updating properties and calling methods. An attacker can bypass the intended protection to modify internal attributes like template name or trigger protected methods. This impacts the integrity of the application by allowing unauthorized state changes within the reactive components.

Recommendations

Update to version 0.67.0 or later.

Exploit

Fix

Improper Access Control


Weakness Enumeration

Related Identifiers

CVE-2026-31815
GHSA-FFV6-JJ46-X367

Affected Products

Django-Unicorn