Description
A vulnerability was identified in liangliangyy DjangoBlog up to 2.1.0.0. The impacted element is an unknown function of the file owntracks/views.py of the component logtracks Endpoint. The manipulation leads to missing authentication. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-04-19
Score: 6.9 Medium
EPSS: n/a
KEV: No
Impact: Unauthorized access via missing authentication
Action: Patch
AI Analysis

Impact

This vulnerability arises from a missing authentication check in the logtracks Endpoint of liangliangyy DjangoBlog. The flaw allows an attacker to invoke the affected function in owntracks/views.py without any credentials, leading to unauthorized access to functionality that should be protected. The weakness is classified as CWE-287 (Improper Authentication) and CWE-306 (Missing Authentication for Critical Function), indicating an authentication bypass.

Affected Systems

The affected product is Liangliangyy’s DjangoBlog, version 2.1.0.0 and earlier. The specific component impacted is the logtracks Endpoint located in owntracks/views.py.

Risk and Exploitability

The CVSS base score of 6.9 reflects moderate severity. An attacker can exploit the flaw remotely, and the availability of public exploit code suggests it could be widely used. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, but the public exploit and the remote attack vector indicate a realistic risk that should be addressed promptly.

Generated by OpenCVE AI on April 19, 2026 at 21:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a version that includes authentication for the logtracks Endpoint.
  • If an upgrade is not feasible, add an authentication check to the logtracks Endpoint view in owntracks/views.py (e.g., Django's @login_required decorator) so that only verified users can reach it.
  • Restrict network access to the Endpoint until the vulnerability is remediated, and monitor logs for suspicious activity.
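The following is an added example, not DjangoBlog's code, showing the defect class the recommendations address: a location-tracking view exposed with no authentication check beside the same view guarded by a login check, plus a small audit that lists registered views lacking that guard. It models Django's `request.user.is_authenticated` and `login_required` semantics with stand-in classes so it runs without Django; the request shape, the view names, the in-memory store and the 401 response (Django would redirect to the login page instead) are all assumptions made for the example.

```python
from dataclasses import dataclass
from functools import wraps
from typing import Callable, Dict, List, Optional


# Minimal stand-ins for Django's request and user objects (assumption: attribute
# names mirror request.user.is_authenticated and request.POST; Django is not imported).
@dataclass(frozen=True)
class User:
    username: str
    is_authenticated: bool


ANONYMOUS = User("", False)


@dataclass
class Request:
    method: str
    user: User = ANONYMOUS
    POST: Optional[Dict[str, str]] = None


@dataclass
class Response:
    status_code: int
    body: str = ""


View = Callable[[Request], Response]

# Constructed in-memory store standing in for the table the real view writes to.
TRACKS: List[Dict[str, str]] = []


def require_login(view: View) -> View:
    """Behaves like Django's login_required: unauthenticated callers never reach the view.
    Django answers with a 302 to the login page; a 401 keeps this example self-contained."""
    @wraps(view)
    def wrapper(request: Request) -> Response:
        if not request.user.is_authenticated:
            return Response(401, "authentication required")
        return view(request)
    wrapper.login_required = True  # marker consulted by find_unprotected() below
    return wrapper


def _store_track(request: Request) -> Response:
    """Handler body shared by both variants: accept a POSTed location fix and persist it."""
    if request.method != "POST":
        return Response(405, "method not allowed")
    data = request.POST or {}
    if "lat" not in data or "lon" not in data:
        return Response(400, "lat and lon required")
    TRACKS.append({"user": request.user.username or "<anonymous>",
                   "lat": data["lat"], "lon": data["lon"]})
    return Response(200, "stored")


# Vulnerable shape: the handler is exposed with no authentication check at all.
logtracks_unprotected: View = _store_track
# Hardened shape: the same handler behind the login check.
logtracks_protected: View = require_login(_store_track)


def find_unprotected(views: Dict[str, View]) -> List[str]:
    """Defender-side audit: names of registered views that carry no login marker."""
    return sorted(name for name, v in views.items()
                  if not getattr(v, "login_required", False))


def demo() -> Dict[str, int]:
    """Exercise both variants with a constructed anonymous and logged-in request."""
    TRACKS.clear()
    fix = {"lat": "52.52", "lon": "13.40"}  # constructed sample location
    anon = Request("POST", ANONYMOUS, fix)
    alice = Request("POST", User("alice", True), fix)
    return {
        "anon_unprotected": logtracks_unprotected(anon).status_code,  # 200: write accepted
        "anon_protected": logtracks_protected(anon).status_code,      # 401: rejected
        "user_protected": logtracks_protected(alice).status_code,     # 200: legitimate user
        "records_written": len(TRACKS),                               # 2: anon + alice
    }


if __name__ == "__main__":
    print(demo())
    registry = {"logtracks_unprotected": logtracks_unprotected,
                "logtracks_protected": logtracks_protected}
    print("views lacking a login check:", find_unprotected(registry))
```

The audit relies on the marker set by `require_login`; in a real Django project the equivalent check walks the URL patterns and inspects each view callback for the wrapper that `login_required` applies, which is a cheap regression guard against a view being added or refactored without its decorator.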


Advisories

No advisories yet.

History

Sun, 19 Apr 2026 20:00:00 +0000

Type          Values Removed   Values Added
Description                    A vulnerability was identified in liangliangyy DjangoBlog up to 2.1.0.0. The impacted element is an unknown function of the file owntracks/views.py of the component logtracks Endpoint. The manipulation leads to missing authentication. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title                          liangliangyy DjangoBlog logtracks Endpoint views.py missing authentication
Weaknesses                     CWE-287, CWE-306
References
Metrics                        cvssV2_0: {'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
                               cvssV3_0: {'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
                               cvssV3_1: {'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
                               cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-19T19:30:15.098Z

Reserved: 2026-04-19T05:10:55.653Z

Link: CVE-2026-6577

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-04-19T20:16:28.837

Modified: 2026-04-19T20:16:28.837

Link: CVE-2026-6577

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-19T21:30:26Z

Weaknesses