Resource exhaustion in Wagtail

CVE-2026-54260

Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, an authenticated admin user can trigger expensive rendition processing with purposefully crafted filter specs resulting in po…

Vulnerability class: DoS (Denial of Service)

CVSS v3 metric

CVSS v3 base score 4.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L.

Affected products

  • Wagtail — versions < 7.0.8, >= 7.1.0, < 7.3.3, >= 7.4.0, < 7.4.2

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2026-54260?
CVE-2026-54260 is a medium-severity vulnerability in Wagtail, classified under Uncontrolled Resource Consumption. CVSS score: 4.3/10. Published 2026-07-01.
How severe is CVE-2026-54260?
Medium severity. CVSS v3 base score is 4.3 out of 10.