Improper Handling of Insufficient Permissions or Privileges in wagtail - #VU130200

 

Published: May 5, 2026


Vulnerability identifier: #VU130200
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-280
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Torchbox
Affected software:
wagtail

Detailed vulnerability description

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to improper handling of insufficient permissions or privileges in page copy permission checks when copying pages. A remote user can copy a page they cannot access into an area of the site they do control to disclose sensitive information.

The copied page may then become viewable to the user, and it may also be possible to publish it.
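The following added example is not Wagtail's code and is not taken from the vendor's fix. It models the class of check described above and shows how to review a copy log for events that a destination-only check admits but a source-and-destination check rejects. The permission model (grants on a subtree root, matched by tree-path prefix), the action names, all function names and the sample data are assumptions made for illustration.

```python
from dataclasses import dataclass

# Simplified model (assumption): a grant is attached to a subtree root and
# covers every page whose fixed-width tree path starts with that root's path.
@dataclass(frozen=True)
class Grant:
    user: str
    root_path: str
    actions: frozenset  # hypothetical action names: "view", "add", "publish"

def allowed(grants, user, path, action):
    """True if any grant held by `user` covers `path` and includes `action`."""
    return any(g.user == user and path.startswith(g.root_path) and action in g.actions
               for g in grants)

def can_copy_flawed(grants, user, src, dest_parent):
    # Hypothetical flawed pattern: only the destination is authorized.
    return allowed(grants, user, dest_parent, "add")

def can_copy_checked(grants, user, src, dest_parent):
    # The actor must be able to read the source and add under the destination.
    return (allowed(grants, user, src, "view")
            and allowed(grants, user, dest_parent, "add"))

def suspect_copies(grants, copy_log):
    """Copy events admitted by the flawed check but rejected by the full check."""
    return [e for e in copy_log
            if can_copy_flawed(grants, e["user"], e["src"], e["dest_parent"])
            and not can_copy_checked(grants, e["user"], e["src"], e["dest_parent"])]

# Constructed sample data: two editors, each confined to their own subtree.
GRANTS = [
    Grant("alice", "00010001", frozenset({"view", "add", "publish"})),
    Grant("bob", "00010002", frozenset({"view", "add", "publish"})),
]
COPY_LOG = [
    {"user": "alice", "src": "000100010003", "dest_parent": "00010001"},  # own subtree
    {"user": "alice", "src": "000100020001", "dest_parent": "00010001"},  # foreign source
    {"user": "bob", "src": "000100020001", "dest_parent": "00010002"},    # own subtree
]

if __name__ == "__main__":
    for event in suspect_copies(GRANTS, COPY_LOG):
        print("review:", event)
```

Copies flagged this way are candidates for manual review after the update is installed, since the copied page may have become viewable or publishable in the destination area.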


Remediation

Install the security update from the vendor's website.

Sources