Race Condition Vulnerability in awesto django-shop by Awesto
CVE-2026-16212
Key Information:
- Vendor
Awesto
- Status
- Vendor
- CVE Published:
- 19 July 2026
Badges
What is CVE-2026-16212?
A race condition vulnerability has been discovered in awesto django-shop, specifically affecting version 1.2.4. This vulnerability resides in the Purchase Stock Handler component located in shop/models/inventory.py. The flaw can be exploited remotely, indicating a potential risk to users of the software. The complexity of the attack is considered to be high, making successful exploitation challenging. However, the exploit code is publicly available, which may increase the likelihood of attacks. Despite being notified early about this issue, the development team has yet to provide a response or a patch.
Affected Version(s)
django-shop 1.2.0
django-shop 1.2.1
django-shop 1.2.2
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
