CVE-2026-54262

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
01/07/2026
Last modified:
02/07/2026

Description

Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, a low-level user with the "Can submit translation" permission can create translations for any page, including those they do not have permissions for. This issue has been fixed in versions 7.0.8, 7.3.3, and 7.4.2.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:torchbox:wagtail:*:*:*:*:*:*:*:* 7.0.8 (excluding)
cpe:2.3:a:torchbox:wagtail:*:*:*:*:*:*:*:* 7.1 (including) 7.3.3 (excluding)
cpe:2.3:a:torchbox:wagtail:*:*:*:*:*:*:*:* 7.4 (including) 7.4.2 (excluding)