Improper Handling of Insufficient Permissions or Privileges in wagtail - #VU130196

 


Published: May 5, 2026


Vulnerability identifier: #VU130196
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-280
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Torchbox
Affected software:
wagtail

Detailed vulnerability description

The vulnerability allows a remote user to disclose sensitive information.

The vulnerability exists due to improper handling of insufficient permissions or privileges in the revision compare view when comparing page revisions by primary key. A remote user can supply the primary keys of two revisions to disclose sensitive information.

The issue is exploitable by CMS users who do not have permission to edit the page.
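
The pattern described above, as an added illustration that is not Wagtail's code or the vendor's patch: a minimal Python model of a compare view that looks revisions up by primary key, first without and then with a permission check. All names, the permission table and the sample data are constructed assumptions; rejecting a pair of revisions from different pages is an extra check beyond what the advisory states.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Revision:
    pk: int
    page_id: int
    content: str

# Constructed sample data: two revisions of page 7, one of page 9.
REVISIONS = {r.pk: r for r in (
    Revision(101, 7, "draft: launch date TBD"),
    Revision(102, 7, "draft: launch date 1 June"),
    Revision(201, 9, "public notice"),
)}
# Constructed permission table: user -> ids of pages the user may edit.
EDIT_PERMS = {"editor": {7}, "viewer": set()}

def can_edit(user, page_id):
    return page_id in EDIT_PERMS.get(user, set())

def compare_unchecked(user, pk_a, pk_b):
    """Flawed pattern: knowing two primary keys is enough to read both."""
    return REVISIONS[pk_a].content, REVISIONS[pk_b].content

def compare_checked(user, pk_a, pk_b):
    """Hardened pattern: authorize against the page the revisions belong to."""
    a, b = REVISIONS.get(pk_a), REVISIONS.get(pk_b)
    # One error for "missing", "mismatched" and "forbidden", so the response
    # does not confirm which primary keys exist.
    if a is None or b is None or a.page_id != b.page_id:
        raise PermissionError("revision comparison not permitted")
    if not can_edit(user, a.page_id):
        raise PermissionError("revision comparison not permitted")
    return a.content, b.content

def is_denied(user, pk_a, pk_b):
    """Helper for checks: True when the hardened view refuses the request."""
    try:
        compare_checked(user, pk_a, pk_b)
    except PermissionError:
        return True
    return False
```

A regression test for the real view would follow the same shape: request the comparison as a user without edit permission and assert that the response is a denial, not the revision content.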


Remediation

Install the security update from the vendor's website.

Sources