Nixpkgs security tracker

Login with GitHub

Details of issue NIXPKGS-2026-1523

NIXPKGS-2026-1523
published 1 month, 1 week ago
Permalink CVE-2026-44198
4.3 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): Low (L)
  • Integrity (I): None (N)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): Low (L)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): None (N)
updated 1 month, 1 week ago by @LeSuisse Activity log
  • Created suggestion 1 month, 1 week ago
  • @LeSuisse ignored
    9 packages
    • python312Packages.wagtail-localize
    • python313Packages.wagtail-localize
    • python314Packages.wagtail-localize
    • python312Packages.wagtail-factories
    • python313Packages.wagtail-factories
    • python314Packages.wagtail-factories
    • python312Packages.wagtail-modeladmin
    • python313Packages.wagtail-modeladmin
    • python314Packages.wagtail-modeladmin
    1 month, 1 week ago
  • @LeSuisse accepted 1 month, 1 week ago
  • @LeSuisse published on GitHub 1 month, 1 week ago
Wagtail: Improper permission handling when viewing page history

Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could still access the history report for the page, potentially resulting in disclosure of sensitive information. This vulnerability is fixed in 7.0.7, 7.3.2, and 7.4.

Affected products

wagtail
  • ==< 7.0.7
  • ==>= 7.1, < 7.3.2

Matching in nixpkgs

pkgs.python313Packages.wagtail

Django content management system focused on flexibility and user experience

  • nixos-unstable 7.3
    • nixpkgs-unstable 7.3
    • nixos-unstable-small 7.3

pkgs.python314Packages.wagtail

Django content management system focused on flexibility and user experience

  • nixos-unstable 7.3
    • nixpkgs-unstable 7.3
    • nixos-unstable-small 7.3
Ignored packages (9)

Package maintainers