Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2026-4277

Опубликовано: 07 апр. 2026
Источник: redhat
CVSS3: 5.4
EPSS Низкий

Описание

A flaw was found in Django. This vulnerability allows an attacker to bypass permission validation by submitting forged POST data to the GenericInlineModelAdmin component. As a result, unauthorized inline model instances could be added, potentially leading to privilege abuse or unauthorized data manipulation within the application.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Ansible Automation Platform 2automation-controllerFix deferred
Red Hat Ansible Automation Platform 2redhat-user-workloads/automation-reportsFix deferred
Red Hat Ansible Automation Platform 2redhat-user-workloads/controller-rhel9Fix deferred
Red Hat Ansible Automation Platform 2redhat-user-workloads/eda-controller-rhel9Fix deferred
Red Hat Ansible Automation Platform 2redhat-user-workloads/gateway-rhel9Fix deferred
Red Hat Ansible Automation Platform 2redhat-user-workloads/hub-rhel9Fix deferred
Red Hat Ansible Automation Platform 2redhat-user-workloads/lightspeed-rhel8Fix deferred
Red Hat Ansible Automation Platform 2redhat-user-workloads/lightspeed-rhel9Fix deferred
Red Hat Ansible Automation Platform 2redhat-user-workloads/metrics-service-rhel9Fix deferred
Red Hat Discovery 2redhat-user-workloads/discovery-serverFix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-639
https://bugzilla.redhat.com/show_bug.cgi?id=2455939Django: Django: Privilege Abuse via Forged POST Data in GenericInlineModelAdmin

EPSS

Процентиль: 2%
0.00013
Низкий

5.4 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2026-4277

ubuntu
3 дня назад

Privilege abuse in GenericInlineModelAdmin

nvd логотип

CVE-2026-4277

nvd
3 дня назад

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Add permissions on inline model instances were not validated on submission of forged `POST` data in `GenericInlineModelAdmin`. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank N05ec@LZU-DSLab for reporting this issue.

debian логотип

CVE-2026-4277

debian
3 дня назад

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4. ...

github логотип

GHSA-pwjp-ccjc-ghwg

github
3 дня назад

Django vulnerable to privilege abuse in GenericInlineModelAdmin

EPSS

Процентиль: 2%
0.00013
Низкий

5.4 Medium

CVSS3