CVE-2026-4277

Опубликовано: 07 апр. 2026

Источник: nvd

EPSS Низкий

Описание

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Add permissions on inline model instances were not validated on submission of forged POST data in GenericInlineModelAdmin. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank N05ec@LZU-DSLab for reporting this issue.

Ссылки

EPSS

Процентиль: 2%

0.00013

Низкий

Дефекты

CWE-862

Связанные уязвимости

CVE-2026-4277

ubuntu

3 дня назад

Privilege abuse in GenericInlineModelAdmin

CVE-2026-4277

CVSS3: 5.4

redhat

3 дня назад

A flaw was found in Django. This vulnerability allows an attacker to bypass permission validation by submitting forged `POST` data to the `GenericInlineModelAdmin` component. As a result, unauthorized inline model instances could be added, potentially leading to privilege abuse or unauthorized data manipulation within the application.

CVE-2026-4277

debian

3 дня назад

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4. ...

GHSA-pwjp-ccjc-ghwg

github

3 дня назад

Django vulnerable to privilege abuse in GenericInlineModelAdmin

EPSS

Процентиль: 2%

0.00013

Низкий

Дефекты

CWE-862