CVE-2026-44198

EUVD-2026-29074
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could still access the history report for the page, potentially resulting in disclosure of sensitive information. This vulnerability is fixed in 7.0.7, 7.3.2, and 7.4.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 7%
Affected Products (NVD)
VendorProductVersion
torchboxwagtail
𝑥
< 7.0.7
torchboxwagtail
7.1 ≤
𝑥
< 7.3.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/wagtail/wagtail/security/advisories/GHSA-c4mr-889m-vgf6