Improper Handling of Insufficient Permissions or Privileges in wagtail - #VU130199

 


Published: May 5, 2026


Vulnerability identifier: #VU130199
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: N/A
CWE-ID: CWE-280
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Torchbox
Affected software: wagtail

Detailed vulnerability description

The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to improper handling of insufficient permissions or privileges in the Documents and Images API when listing items in private collections. A remote attacker can query the API to disclose sensitive information.

The exposed information is limited to the filename and name of documents and images in private collections.


Remediation

Install the security update from the vendor's website.

Sources