Description
A vulnerability was identified in liangliangyy DjangoBlog up to 2.1.0.0. The impacted element is an unknown function of the file owntracks/views.py of the component logtracks Endpoint. The manipulation leads to missing authentication. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-04-19
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized access via missing authentication
Action: Patch
AI Analysis

Impact

This vulnerability arises from a missing authentication check in the logtracks Endpoint of liangliangyy DjangoBlog. The flaw allows an attacker to invoke the affected function in owntracks/views.py without any credentials, leading to unauthorized access to functionality that should be protected. The weakness is classified as CWE-287 and CWE-306, indicating an authentication bypass.

Affected Systems

The affected product is Liangliangyy’s DjangoBlog, version 2.1.0.0 and earlier. The specific component impacted is the logtracks Endpoint located in owntracks/views.py.

Risk and Exploitability

The CVSS base score of 6.9 reflects a moderate severity. An attacker can exploit the flaw remotely, and the availability of public exploit code suggests it could be widely used. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, but the public exploit and the remote attack vector indicate a realistic risk that should be addressed promptly.

Generated by OpenCVE AI on April 19, 2026 at 21:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a version that includes authentication for the logtracks Endpoint.
  • If an upgrade is not feasible, add an authentication check to the logtracks Endpoint view in owntracks/views.py (e.g., Django's @login_required decorator) so that only authenticated users can reach it.
  • Restrict network access to the Endpoint until the vulnerability is remediated, and monitor logs for suspicious activity.

Advisories

No advisories yet.

History

Mon, 20 Apr 2026 15:15:00 +0000

Type                 Values Removed   Values Added
-------------------  ---------------  -------------------------------------
First Time appeared  -                Liangliangyy; Liangliangyy djangoblog
Vendors & Products   -                Liangliangyy; Liangliangyy djangoblog

Mon, 20 Apr 2026 14:15:00 +0000

Type      Values Removed   Values Added
--------  ---------------  ---------------------------------------------------------------------------------------------------------
Metrics   -                ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sun, 19 Apr 2026 20:00:00 +0000

Type          Values Removed   Values Added
------------  ---------------  ------------------------------------------------------------------------------------------------------
Description   -                A vulnerability was identified in liangliangyy DjangoBlog up to 2.1.0.0. The impacted element is an unknown function of the file owntracks/views.py of the component logtracks Endpoint. The manipulation leads to missing authentication. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title         -                liangliangyy DjangoBlog logtracks Endpoint views.py missing authentication
Weaknesses    -                CWE-287; CWE-306
References    -
Metrics       -                cvssV2_0: {'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
                               cvssV3_0: {'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
                               cvssV3_1: {'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
                               cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-20T14:06:48.414Z

Reserved: 2026-04-19T05:10:55.653Z

Link: CVE-2026-6577

Vulnrichment

Updated: 2026-04-20T14:06:42.975Z

NVD

Status: Deferred

Published: 2026-04-19T20:16:28.837

Modified: 2026-04-29T01:00:01.613

Link: CVE-2026-6577

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-20T14:58:37Z

Weaknesses