Vulnerability in Wagtail
CVE-2026-54259
Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, the Documents and Images chooser's chosen endpoint incorrectly listed items for which the user has not been granted choose pe…
CVSS v3 metric
CVSS v3 base score 4.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N.
Affected products
- Wagtail — versions < 7.0.8, >= 7.1.0, < 7.3.3, >= 7.4.0, < 7.4.2
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)
Frequently asked questions
- What is CVE-2026-54259?
- CVE-2026-54259 is a medium-severity vulnerability in Wagtail, classified under Improper Handling of Insufficient Permissions or Privileges. CVSS score: 4.3/10. Published 2026-07-01.
- How severe is CVE-2026-54259?
- Medium severity. CVSS v3 base score is 4.3 out of 10.