PT-2026-24466 · Unknown · Django-Unicorn

Rinz27 · Published 2026-03-10 · Updated 2026-03-11 · CVE-2026-31815

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions
Unicorn versions prior to 0.67.0

Description
A flaw exists in django-unicorn that allows manipulation of component state due to insufficient access control checks when updating properties and calling methods. An attacker can bypass the intended protection to modify internal attributes like template name or trigger protected methods. This impacts the integrity of the application by allowing unauthorized state changes within the reactive components.

Recommendations
Update to version 0.67.0 or later.
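
The class of check the description refers to, as an added example that is not django-unicorn's code or its fix: a deny-by-default gate applied to every client message before a property is set or a method is called. The Component class, the client_settable and client_callable allow-lists, the message shape and all function names are hypothetical.

```python
# Added illustration, not django-unicorn code: every name here is hypothetical.

class AccessDenied(Exception):
    """A client message targeted state or behaviour it may not touch."""


class Component:
    template_name = "counter.html"              # internal: server decides this
    client_settable = frozenset({"count", "label"})
    client_callable = frozenset({"increment"})

    def __init__(self):
        self.count = 0
        self.label = ""

    def increment(self):
        self.count += 1

    def _purge(self):                           # protected: server-side only
        self.count = -1


def check_name(name, allowed):
    # Deny by default: a plain identifier, not private, and explicitly exposed.
    if not isinstance(name, str) or not name.isidentifier():
        raise AccessDenied(f"malformed name: {name!r}")
    if name.startswith("_") or name not in allowed:
        raise AccessDenied(f"not exposed to clients: {name!r}")


def apply_message(component, message):
    """Apply one client message shaped like {"type", "name", "value"}."""
    kind, name = message.get("type"), message.get("name")
    if kind == "set":
        check_name(name, component.client_settable)
        setattr(component, name, message.get("value"))
    elif kind == "call":
        check_name(name, component.client_callable)
        getattr(component, name)()
    else:
        raise AccessDenied(f"unknown message type: {kind!r}")


def try_apply(component, message):
    """Return True if the message was applied, False if it was refused."""
    try:
        apply_message(component, message)
        return True
    except AccessDenied:
        return False
```

Because the gate checks an explicit allow-list rather than a block-list of known internal names, an attribute such as template_name stays out of reach even if nobody remembered to mark it as protected.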

Exploit

Fix

Improper Access Control

Weakness Enumeration

Related Identifiers

CVE-2026-31815
GHSA-FFV6-JJ46-X367

Affected Products

Django-Unicorn