Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
7Blast Radius
ecosystem impact- 1 pypi packages depend on django-mdeditor (1 direct, 0 indirect)
Ecosystem-wide dependent count for version 0.1.20.
DescriptionCVE.org
All versions of the package django-mdeditor are vulnerable to Missing Authentication for Critical Function in the image upload endpoint. An attacker can upload malicious files and achieve arbitrary code execution since this endpoint lacks authentication protection and proper sanitisation of file names.
AnalysisAI
Remote code execution in django-mdeditor (all versions prior to commit 3e80f9e) allows unauthenticated attackers to upload malicious files via the image upload endpoint. The vulnerability combines missing authentication (CWE-306) with insufficient filename sanitization, enabling arbitrary code execution when uploaded files are accessed. Exploit code is publicly available (CVSS E:P), though user interaction is required (UI:R). EPSS data not available, not listed in CISA KEV at time of analysis.
Technical ContextAI
django-mdeditor is a Python package providing a Markdown editor widget for Django web applications. The vulnerability exists in the UploadImageView class (mdeditor/views.py line 25) which handles image uploads for the editor. The endpoint is exposed without Django's standard authentication decorators or middleware checks, and accepts file uploads without validating file content beyond extension checking. The CVSS vector indicates network-based attack (AV:N) with low complexity (AC:L) requiring no privileges (PR:N), classified under CWE-306 (Missing Authentication for Critical Function). The code uses Django's file upload handling but lacks both authentication guards and robust file type validation using magic bytes or image library verification, allowing attackers to upload executable files (e.g., Python .py files, server-side scripts) disguised with image extensions.
RemediationAI
Update django-mdeditor to a version incorporating commit 3e80f9edcabc5d2fc136b05a501964b8a5e97cfe or later from https://github.com/pylixm/django-mdeditor. The patch introduces two protections: optional authentication requirement via upload_require_auth configuration flag (defaults to False for backward compatibility) and Pillow-based image validation to verify uploaded files are legitimate images. Enable authentication by adding 'upload_require_auth': True to MDEDITOR_CONFIGS in Django settings.py, which restricts uploads to authenticated users only. If immediate patching is not feasible, implement compensating controls: restrict access to the /mdeditor/upload endpoint using Django middleware or web server ACLs to authenticated users only; configure file upload directory outside the web root with no execute permissions; implement Content-Security-Policy headers to prevent uploaded script execution; or disable the mdeditor upload functionality entirely and use external image hosting. Note that enabling upload_require_auth changes application behavior and may break workflows expecting anonymous uploads. Vendor advisory available at https://security.snyk.io/vuln/SNYK-PYTHON-DJANGOMDEDITOR-8630926.
Wazuh SIEM platform versions 4.4.0 through 4.9.0 contain an unsafe deserialization vulnerability in the DistributedAPI t
BentoML version 1.4.2 and earlier contains an unauthenticated remote code execution vulnerability through insecure deser
pgAdmin 4 contains critical remote code execution vulnerabilities in the Query Tool download and Cloud Deployment endpoi
The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Rated critica
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCiph
pyLoad download manager version prior to 0.5.0b3.dev77 exposes the Flask SECRET_KEY through an unauthenticated endpoint.
In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and conse
Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/
pyLoad is the free and open-source Download Manager written in pure Python. Rated medium severity (CVSS 5.3), this vulne
Langflow (a visual LLM pipeline builder) contains a critical unauthenticated code execution vulnerability (CVE-2026-3301
Cross-user flow execution in Langflow (< 1.9.1) lets any authenticated API-key holder run another user's flow by passing
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-209593