Resource exhaustion in Wagtail
CVE-2026-54260
Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, an authenticated admin user can trigger expensive rendition processing with purposefully crafted filter specs resulting in po…
Vulnerability class: DoS (Denial of Service)
CVSS v3 metric
CVSS v3 base score 4.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L.
Affected products
- Wagtail — versions < 7.0.8, >= 7.1.0, < 7.3.3, >= 7.4.0, < 7.4.2
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)
Frequently asked questions
- What is CVE-2026-54260?
- CVE-2026-54260 is a medium-severity vulnerability in Wagtail, classified under Uncontrolled Resource Consumption. CVSS score: 4.3/10. Published 2026-07-01.
- How severe is CVE-2026-54260?
- Medium severity. CVSS v3 base score is 4.3 out of 10.