CVE Catalog

CVE-2026-54262

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.16%

6th percentile — higher than 6% of all known CVEs

Summary

In Wagtail, an open source content management system built on Django, versions prior to 7.0.8, 7.3.3, and 7.4.2 allow a low-level user with the 'Can submit translation' permission to create translations for any page, including those they do not have permissions for. This issue has been fixed in versions 7.0.8, 7.3.3, and 7.4.2.

Risk Assessment

The risk involves unauthorized access to content and potential manipulation of page translations, which could lead to disclosure of sensitive information or data integrity breaches.

Recommendation

It is recommended to immediately upgrade Wagtail to version 7.0.8, 7.3.3, or 7.4.2, depending on the release branch in use.

Original NVD description (English source)

Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, a low-level user with the "Can submit translation" permission can create translations for any page, including those they do not have permissions for. This issue has been fixed in versions 7.0.8, 7.3.3, and 7.4.2.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS