Intel

AIKIDO-2026-463105

wagtail is vulnerable to Denial of Service (DoS)

Denial of Service (DoS)CVE-2026-54260 Published 3 days ago

43

Medium Risk

This Affects:

PYTHONwagtail
0.0.1 - 7.0.7
Fixed in 7.0.8
7.1.0 - 7.3.2
Fixed in 7.3.3
7.4.0 - 7.4.1
Fixed in 7.4.2
Are you affected? Scan for Free

TL;DR

The image preview endpoint accepts arbitrary filter specs without restricting the allowed operations. An authenticated Wagtail admin user can request purposefully crafted filter specs that trigger expensive rendition processing. This can lead to service degradation through uncontrolled resource consumption. The fix limits the preview endpoint to a small set of allowed filter operations.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range and grant users access to the Wagtail admin.

Background info

wagtail is vulnerable to Denial of Service (DoS) in versions 0.0.1 - 7.0.7, 7.1.0 - 7.3.2 and 7.4.0 - 7.4.1.

How to fix this

Upgrade the wagtail library to the patch version.