Security Flaw in Wagtail CMS by Wagtail
CVE-2026-54259
4.3 MEDIUM
What is CVE-2026-54259?
In Wagtail CMS versions prior to 7.0.8, 7.3.3, and 7.4.2, an improper access control vulnerability allows admin users to view the filenames, names, and URLs of documents and images that they are not authorized to access. Regular site visitors without admin privileges cannot exploit this issue, but it poses a risk to data confidentiality within the platform. Users are advised to update their installations to the latest versions to mitigate this vulnerability.
Affected Version(s)
wagtail < 7.0.8
wagtail >= 7.1.0, < 7.3.3
wagtail >= 7.4.0, < 7.4.2
