CVE-2026-4292

Опубликовано: 07 апр. 2026

Источник: nvd

CVSS3: 2.7

EPSS Низкий

Описание

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Admin changelist forms using ModelAdmin.list_editable incorrectly allowed new instances to be created via forged POST data. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Cantina for reporting this issue.

Ссылки

EPSS

Процентиль: 1%

0.00008

Низкий

2.7 Low

CVSS3

Дефекты

CWE-862

Связанные уязвимости

CVE-2026-4292

CVSS3: 2.7

ubuntu

3 дня назад

Privilege abuse in ModelAdmin.list_editable

CVE-2026-4292

CVSS3: 5.3

redhat

3 дня назад

A flaw was found in Django. Admin changelist forms utilizing `ModelAdmin.list_editable` were susceptible to improper access control. A remote attacker could exploit this by sending forged `POST` data, leading to the unauthorized creation of new instances within the application.

CVE-2026-4292

CVSS3: 2.7

debian

3 дня назад

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4. ...

GHSA-mmwr-2jhp-mc7j

CVSS3: 2.7

github

3 дня назад

Django vulnerable to privilege abuse in ModelAdmin.list_editable

EPSS

Процентиль: 1%

0.00008

Низкий

2.7 Low

CVSS3

Дефекты

CWE-862