CVE-2026-44200
Unauthorized Page Copy in Wagtail CMS
Publication date: 2026-05-11
Last updated on: 2026-05-11
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wagtail | wagtail | to 7.4 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-280 | The product does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the product in an invalid state. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects Wagtail CMS versions prior to 7.0.7, 7.3.2, and 7.4. It allows a user with limited access to certain pages to copy a page they do not have permission to access into an area of the site where they do have access.
The core issue is that permission checks were only performed on the destination location of the copied page, but not on the source page itself. This means unauthorized users could copy restricted content to accessible areas.
Once copied, the user could view the contents of the restricted page and potentially publish it, bypassing intended access controls.
How can this vulnerability impact me? :
This vulnerability can lead to unauthorized disclosure of sensitive or restricted content by allowing users to access pages they should not be able to view.
Additionally, it may allow unauthorized users to publish content they do not have permission to manage, potentially leading to misinformation or exposure of confidential information.
The vulnerability has a medium severity score (CVSS 6.5) with low attack complexity and requires only low privileges, making it a significant risk if exploited.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should upgrade Wagtail CMS to one of the fixed versions: 7.0.7, 7.3.2, or 7.4.
These versions include patches that properly check permissions on the source page when copying, preventing unauthorized users from viewing or publishing restricted content.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability allows users with limited access to copy and view restricted content they should not have access to. Such unauthorized access to sensitive or confidential information could lead to violations of data protection regulations like GDPR or HIPAA, which require strict access controls to protect personal and sensitive data.
By enabling unauthorized viewing and potential publishing of restricted content, the vulnerability undermines the principle of least privilege and proper permission enforcement, which are critical for compliance with these standards.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability affects Wagtail CMS versions prior to 7.0.7, 7.3.2, and 7.4. To detect if your system is vulnerable, first verify the installed Wagtail version.
- Check the Wagtail version by running: python -m wagtail --version or by inspecting your project's dependencies (e.g., pip show wagtail).
- If the version is older than 7.0.7, 7.3.2, or 7.4, your system is vulnerable.
Since the vulnerability involves unauthorized copying of pages, monitoring logs for unusual page copy activities by users with limited permissions may help detect exploitation attempts.
No specific network or system commands are provided in the available resources to detect exploitation attempts directly.