CVE-2026-54262
MediumCVSS 4.3Exploitation Probability (EPSS)
Low risk6th percentile — higher than 6% of all known CVEs
Summary
In Wagtail, an open source content management system built on Django, versions prior to 7.0.8, 7.3.3, and 7.4.2 allow a low-level user with the 'Can submit translation' permission to create translations for any page, including those they do not have permissions for. This issue has been fixed in versions 7.0.8, 7.3.3, and 7.4.2.
Risk Assessment
The risk involves unauthorized access to content and potential manipulation of page translations, which could lead to disclosure of sensitive information or data integrity breaches.
Recommendation
It is recommended to immediately upgrade Wagtail to version 7.0.8, 7.3.3, or 7.4.2, depending on the release branch in use.
Original NVD description (English source)
Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, a low-level user with the "Can submit translation" permission can create translations for any page, including those they do not have permissions for. This issue has been fixed in versions 7.0.8, 7.3.3, and 7.4.2.

