PT-2026-39235 · Wagtail · Wagtail
Thesanjok
·
Published
2026-05-08
·
Updated
2026-05-11
·
CVE-2026-44200
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Wagtail versions prior to 7.0.7
Wagtail versions prior to 7.3.2
Description
Improper permission handling allows a CMS user with limited page access to copy a page they are not authorized to access to a site area where they do have permissions. This enables the user to view the contents of the unauthorized page and potentially publish it, as permissions were verified for the copy destination but not for the source page.
Recommendations
Update to version 7.0.7.
Update to version 7.3.2.
Update to version 7.4 LTS.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Wagtail