Wagtail Improper Permission Handling Vulnerability in Page Copying

Vulnerability

A vulnerability exists in Wagtail, an open-source content management system built on Django, prior to versions 7.0.7, 7.3.2, and 7.4. The issue arises from improper permission handling: a CMS user with limited access to pages could copy a page they do not have access to into an area of the site where they do have access. Once the page was copied, the user could view its contents and potentially publish it. Permissions were correctly checked for the destination of the copy, but they were not enforced for the source page.
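The destination-only check described above, modelled in Python next to a version that also authorises the source page. This is an added example, not Wagtail's code: the `Page` and `User` classes, the path-prefix permission model, and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Page:
    path: str   # position in a constructed page tree, e.g. "/hr/salaries"
    body: str

@dataclass
class User:
    name: str
    roots: tuple  # subtrees this user may access (hypothetical permission model)

    def can_access(self, path: str) -> bool:
        # Match the root itself or a true descendant ("/blog" must not match "/blogger").
        return any(path == r or path.startswith(r.rstrip("/") + "/") for r in self.roots)

class CopyDenied(Exception):
    pass

def _do_copy(pages, src_path, dest_parent):
    slug = src_path.rsplit("/", 1)[-1]
    new = Page(f"{dest_parent.rstrip('/')}/{slug}", pages[src_path].body)
    pages[new.path] = new
    return new

def copy_dest_only(user, pages, src_path, dest_parent):
    """Flawed pattern: only the destination of the copy is authorised."""
    if not user.can_access(dest_parent):
        raise CopyDenied("destination")
    return _do_copy(pages, src_path, dest_parent)

def copy_checked(user, pages, src_path, dest_parent):
    """Hardened pattern: the source is authorised before anything is read from it."""
    if not user.can_access(src_path):
        raise CopyDenied("source")
    if not user.can_access(dest_parent):
        raise CopyDenied("destination")
    return _do_copy(pages, src_path, dest_parent)

def demo():
    # Constructed sample data: an editor limited to /blog and a page outside it.
    pages = {"/blog": Page("/blog", "index"),
             "/hr/salaries": Page("/hr/salaries", "confidential")}
    editor = User("editor", ("/blog",))
    leaked = copy_dest_only(editor, dict(pages), "/hr/salaries", "/blog")
    try:
        copy_checked(editor, dict(pages), "/hr/salaries", "/blog")
        denied = None
    except CopyDenied as exc:
        denied = str(exc)
    return leaked.path, leaked.body, editor.can_access(leaked.path), denied
```

A regression test for a fix of this kind should assert the denial on the source check specifically, since the destination check passes in both versions.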

Impact

Exploitation of this vulnerability could lead to unauthorized access to page contents and the ability to publish those contents, bypassing established permission restrictions.

Remediation

Users can upgrade to Wagtail versions 7.0.7, 7.3.2, or 7.4 to address this vulnerability.

Added: May 11, 2026, 4:35 PM
Updated: May 11, 2026, 4:35 PM

Vulnerability Rating

Custom Algorithm

spread: 5.2
impact: 1.3
exploitability: 5.4
remediation: 7.7
relevance: 8.0
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.