CVE-2026-54262

Summary

Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, a low-level user with the "Can submit translation" permission can create translations for any page, including those they do not have permissions for. This issue has been fixed in versions 7.0.8, 7.3.3, and 7.4.2.

Affected Software

VendorProductVersion RangeStatus
wagtailwagtail< 7.0.8affected
wagtailwagtail>= 7.1.0, < 7.3.3affected
wagtailwagtail>= 7.4.0, < 7.4.2affected

Weaknesses

  • CWE-280: CWE-280: Improper Handling of Insufficient Permissions or Privileges

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References