Intel

AIKIDO-2026-293222

wagtail is vulnerable to Improper Access Control

Improper Access ControlCVE-2026-54262 Published 3 days ago

43

Medium Risk

This Affects:

PYTHONwagtail
0.0.1 - 7.0.7
Fixed in 7.0.8
7.1.0 - 7.3.2
Fixed in 7.3.3
7.4.0 - 7.4.1
Fixed in 7.4.2
Are you affected? Scan for Free

TL;DR

The simple_translation submission view does not verify page or snippet edit permissions before creating translations. A low-privileged user holding the Can submit translation permission can create translations for any page, including pages they cannot otherwise edit. This allows unauthorized creation of translated page content. The fix adds page edit and snippet permission policy checks to the submission view.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range and use the simple_translation app.

Background info

wagtail is vulnerable to Improper Access Control in versions 0.0.1 - 7.0.7, 7.1.0 - 7.3.2 and 7.4.0 - 7.4.1.

How to fix this

Upgrade the wagtail library to the patch version.