CVE-2026-6611

| EUVD-2026-23787 LOW
2026-04-20 VulDB GHSA-hq9j-qh3w-qvg3
File Upload Djangoblog
2.3
CVSS 4.0

CVSS VectorNVD

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
P
Scope
X

Lifecycle Timeline

2
Analysis Generated
Apr 20, 2026 - 07:26 vuln.today
CVSS Changed
Apr 20, 2026 - 07:22 NVD
3.1 (LOW) 2.3 (LOW)

DescriptionNVD

A vulnerability was found in liangliangyy DjangoBlog up to 2.1.0.0. This affects an unknown function of the file djangoblog/settings.py of the component File Upload Endpoint. Performing a manipulation of the argument SECRET_KEY results in use of hard-coded cryptographic key . Remote exploitation of the attack is possible. The attack's complexity is rated as high. The exploitability is reported as difficult. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

DjangoBlog versions up to 2.1.0.0 use a hard-coded cryptographic key in djangoblog/settings.py when the SECRET_KEY argument is manipulated during file upload operations, allowing remote attackers with user interaction to obtain sensitive information. The attack requires high complexity and user participation, resulting in a low confidentiality impact (CVSS 2.3). …

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

CVE-2026-6611 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy