PT-2026-54836 · Wagtail · Wagtail

Harshakshit

·

Published

2026-07-01

·

Updated

2026-07-01

·

CVE-2026-54259

CVSS v3.1

4.3

Medium

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions Wagtail versions prior to 7.0.8 Wagtail versions prior to 7.3.3 Wagtail versions prior to 7.4.2
Description The Documents and Images chooser's chosen endpoint incorrectly lists items for which the user has not been granted choose permission. A user with access to the Wagtail admin can view the filename, name, and URLs of documents and images within those collections. This issue is not exploitable by site visitors who lack access to the Wagtail admin.
Recommendations Update to version 7.0.8 Update to version 7.3.3 Update to version 7.4.2

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-54259
PYSEC-2026-612

Affected Products

Wagtail