Django Vulnerability in GenericInlineModelAdmin Affects Multiple Versions
CVE-2026-4277

Currently unrated

Key Information:

Vendor

Djangoproject

Status
Django
Vendor
CVE Published:
7 April 2026

What is CVE-2026-4277?

A vulnerability was identified in Django's GenericInlineModelAdmin, where permissions on inline model instances were not properly validated during the submission of forged POST data. This can potentially lead to unauthorized access and manipulation of data in various Django applications. The issue affects versions 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Additionally, earlier unsupported Django series, such as 5.0.x, 4.1.x, and 3.2.x, may also be vulnerable. It is essential for users to upgrade to the patched versions to ensure the security of their applications.

Affected Version(s)

Django 6.0 < 6.0.4

Django 5.2 < 5.2.13

Django 4.2 < 4.2.30

References

https://docs.djangoproject.com/en/dev/releases/security/
vendor-advisory
https://groups.google.com/g/django-announce
mailing-list
https://www.djangoproject.com/weblog/2026/apr/07/security...
vendor-advisory

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

N05ec@LZU-DSLab
Jacob Walls
Jacob Walls
.