Django · Django · CVE-2026-4277
Name of the Vulnerable Software and Affected Versions
Django versions 6.0 through 6.0.3, 5.2 through 5.2.12, and 4.2 through 4.2.29
Description
A flaw exists in the permission validation process for inline model instances within `GenericInlineModelAdmin` when handling forged `POST` data. This could allow unauthorized access or modification of data. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) may also be affected.
Recommendations
Update to Django version 6.0.4 or later.
Update to Django version 5.2.13 or later.
Update to Django version 4.2.30 or later.
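To check a project against the version ranges listed above, the following added example (not part of the original advisory or of Django's own code) scans a pip requirements file for exact Django pins and classifies each one. The function names, the sample input, and the choice to flag every unlisted series earlier than 6.0 as possibly affected are assumptions of this example.

```python
import re

# First fixed release per supported series, taken from the advisory above.
FIXED = {(6, 0): (6, 0, 4), (5, 2): (5, 2, 13), (4, 2): (4, 2, 30)}

# "django" as a whole package name (not django-filter, django_x, ...).
NAME = re.compile(r"^\s*django(?![\w.-])", re.I)
# Exact pin such as "Django==5.2.12", optionally followed by a marker or comment.
PIN = re.compile(r"^\s*django\s*==\s*(\d+)\.(\d+)(?:\.(\d+))?\s*(?:[;#].*)?$", re.I)


def classify(version):
    """Return (status, first_fixed_release_or_None) for a (major, minor, patch) tuple."""
    series = version[:2]
    if series in FIXED:
        fix = FIXED[series]
        return ("affected" if version < fix else "patched", fix)
    # Assumption: any unlisted series older than 6.0 is unsupported and is
    # treated like the advisory's "may also be affected" examples.
    if series < max(FIXED):
        return ("unsupported-possibly-affected", None)
    return ("not-listed", None)


def scan_requirements(text):
    """Return (line_number, requirement, status, fix) for each Django line."""
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        if not NAME.match(line):
            continue
        pin = PIN.match(line)
        if not pin:
            # Ranges, extras or wildcards: resolve the installed version instead.
            findings.append((number, line.strip(), "unresolved", None))
            continue
        version = tuple(int(part or 0) for part in pin.groups())
        findings.append((number, line.strip(), *classify(version)))
    return findings


# Constructed sample input, not taken from any real project.
SAMPLE = "# constructed sample\nDjango==5.2.12  # web tier\ndjango-filter==24.1\n"

if __name__ == "__main__":
    for finding in scan_requirements(SAMPLE):
        print(finding)
```

Lines reported as `unresolved` are not exact pins, so the version actually installed in the environment has to be checked instead.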