[Snyk:Medium] Missing Authorization Wagtail - due (05/08/2026)

### Overview
[wagtail](https://wagtail.io/) is an open source content management system built on Django.

Affected versions of this package are vulnerable to Missing Authorization via the preview endpoints in the admin interface. An attacker can obtain unauthorized preview renderings of pages, snippets, or site settings by crafting form submissions with arbitrary data. This may expose database contents that are otherwise restricted to users with edit access.

Note: This is only exploitable if the attacker has access to the admin interface.

https://app.snyk.io/vuln/SNYK-PYTHON-WAGTAIL-15189141

### Security information
Factors contributing to the scoring:
Snyk: [CVSS v4.0 5.1](https://security.snyk.io/vuln/SNYK-PYTHON-WAGTAIL-15189141) - Medium Severity | [CVSS v3.1 2.7](https://security.snyk.io/vuln/SNYK-PYTHON-WAGTAIL-15189141) - Low Severity
NVD: Not available. NVD has not yet published its analysis.
[Why are the scores different? Learn how Snyk evaluates vulnerability scores](https://docs.snyk.io/features/fixing-and-prioritizing-issues/issue-management/severity-levels#understanding-snyks-vulnerability-analysis)


### Action item:
- [ ] Upgrade wagtail@6.3.6, or to the latest

### Completion criteria:
- [ ] Wagtail package has been updated, and the Snyk vulnerability has been remediated.



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk:Medium] Missing Authorization Wagtail - due (05/08/2026) #6983

Overview

Security information

Action item:

Completion criteria:

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[Snyk:Medium] Missing Authorization Wagtail - due (05/08/2026) #6983

Description

Overview

Security information

Action item:

Completion criteria:

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions