Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2026-4292

Опубликовано: 07 апр. 2026
Источник: ubuntu
Приоритет: low
EPSS Низкий
CVSS3: 2.7

Описание

Privilege abuse in ModelAdmin.list_editable

РелизСтатусПримечание
devel

needs-triage

esm-infra-legacy/trusty

needs-triage

esm-infra/bionic

needs-triage

esm-infra/focal

needs-triage

esm-infra/xenial

needs-triage

jammy

needs-triage

noble

needs-triage

questing

needs-triage

upstream

released

5.2.13,4.2.30

Показывать по

Ссылки на источники

EPSS

Процентиль: 1%
0.00008
Низкий

2.7 Low

CVSS3

Связанные уязвимости

redhat логотип

CVE-2026-4292

CVSS3: 5.3
redhat
3 дня назад

A flaw was found in Django. Admin changelist forms utilizing `ModelAdmin.list_editable` were susceptible to improper access control. A remote attacker could exploit this by sending forged `POST` data, leading to the unauthorized creation of new instances within the application.

nvd логотип

CVE-2026-4292

CVSS3: 2.7
nvd
3 дня назад

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Admin changelist forms using `ModelAdmin.list_editable` incorrectly allowed new instances to be created via forged `POST` data. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Cantina for reporting this issue.

debian логотип

CVE-2026-4292

CVSS3: 2.7
debian
3 дня назад

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4. ...

github логотип

GHSA-mmwr-2jhp-mc7j

CVSS3: 2.7
github
3 дня назад

Django vulnerable to privilege abuse in ModelAdmin.list_editable

EPSS

Процентиль: 1%
0.00008
Низкий

2.7 Low

CVSS3