Information Disclosure Vulnerability in Wagtail CMS by Wagtail
CVE-2026-44198

4.3MEDIUM

Key Information:

Vendor: Wagtail
Status: Wagtail
Vendor: CVE Published:; 11 May 2026

What is CVE-2026-44198?

Wagtail is an open-source content management system built on the Django framework. A flaw in versions prior to 7.0.7, 7.3.2, and 7.4 allowed CMS users without editing permissions to access the history report of a page. This unintended access could lead to the disclosure of sensitive information, posing a risk to user privacy and data security. The vulnerability has been addressed in the specified newer versions.

Affected Version(s)

wagtail < 7.0.7 < 7.0.7

wagtail >= 7.1, < 7.3.2 < 7.1, 7.3.2

References

https://github.com/wagtail/wagtail/security/advisories/GH...

x_refsource_CONFIRM

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 11, 2026
Vulnerability Reserved
May 5, 2026

CVE-2026-44198 Data

JSON