Description
A weakness has been identified in liangliangyy DjangoBlog up to 2.1.0.0. This impacts an unknown function of the file blog/views.py of the component Clean Endpoint. This manipulation causes missing authentication. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-04-19
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Authentication Bypass
Action: Patch ASAP
AI Analysis

Impact

The vulnerability resides in the Clean Endpoint view of the DjangoBlog application, where authentication checks are omitted, allowing an attacker to access the endpoint without credentials. This flaw matches CWE-287 (Authentication Bypass) and CWE-306 (Missing Authentication). If exploited, attackers could use the endpoint to trigger actions, potentially leading to unauthorized data exposure or system manipulation, depending on the function performed by the endpoint.

Affected Systems

The issue affects liangliangyy DjangoBlog versions up to and including 2.1.0.0. No other affected product or version information is provided.

Risk and Exploitability

The CVSS score is 6.9, indicating a moderate severity. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. The description states the attack can be initiated remotely, and the exploit is publicly available, implying that unauthenticated attackers could exploit the endpoint from outside the network. The vulnerability does not require specialized prerequisites beyond the ability to send an HTTP request to the target.

Generated by OpenCVE AI on April 19, 2026 at 23:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a version of liangliangyy DjangoBlog that implements authentication checks for the Clean Endpoint as soon as an official fix becomes available.
  • If no patch is immediately available, configure network or application firewall rules to restrict access to the Clean Endpoint to a whitelist of trusted IP addresses or internal network segments.
  • Add an authentication guard to the Clean Endpoint function, such as enforcing the @login_required decorator or requiring API token validation, to ensure only authorized users can invoke it.
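The third action above describes the fix pattern (wrap the view in an auth decorator). The following is an added example, not code from DjangoBlog or OpenCVE: a small static check, built on the standard-library `ast` module, that scans a Django views module and reports public view functions carrying none of Django's stock authentication decorators. The sample views module is constructed for the example; the `clean` function in it mirrors the affected component only as a label, and the decorator set is an assumption that should be extended for any project-specific guard.

```python
"""Static check for Django view functions that lack an authentication guard.

Added example, not DjangoBlog's code. Parses a views module with `ast` and
reports top-level functions that look like views (first argument `request`,
public name) and are not wrapped by a known auth decorator.
"""
import ast

# Assumption: the project relies on Django's stock auth decorators.
# Extend this set with custom guards to avoid false positives.
AUTH_DECORATORS = {
    "login_required",
    "permission_required",
    "staff_member_required",
    "user_passes_test",
}

# Constructed sample views module: guarded views beside one unguarded view.
SAMPLE_VIEWS = '''
from django.contrib.auth.decorators import login_required
from django.http import HttpResponse, JsonResponse
from django.views.decorators.http import require_POST

@login_required
def dashboard(request):
    return HttpResponse("ok")

def clean(request):
    # No decorator: anyone who can reach the URL can trigger this (CWE-306 pattern).
    return JsonResponse({"status": "cleaned"})

@login_required
@require_POST
def rebuild_index(request):
    return JsonResponse({"status": "rebuilt"})

def _helper(value):
    return value
'''


def _decorator_name(node):
    """Bare name of a decorator node: handles @name, @name(...), and @module.name."""
    if isinstance(node, ast.Call):
        node = node.func
    if isinstance(node, ast.Attribute):
        return node.attr
    if isinstance(node, ast.Name):
        return node.id
    return None


def _looks_like_view(func):
    """Heuristic: first positional argument is `request` and the name is public."""
    args = func.args.args
    return bool(args) and args[0].arg == "request" and not func.name.startswith("_")


def find_unguarded_views(source):
    """Return names of view functions in `source` that carry no auth decorator."""
    tree = ast.parse(source)
    unguarded = []
    for node in tree.body:
        if not isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            continue
        if not _looks_like_view(node):
            continue
        names = {_decorator_name(dec) for dec in node.decorator_list}
        if not names & AUTH_DECORATORS:
            unguarded.append(node.name)
    return unguarded


if __name__ == "__main__":
    for name in find_unguarded_views(SAMPLE_VIEWS):
        print(f"view '{name}' has no authentication guard")
```

Run against a real `views.py` by reading the file into `find_unguarded_views`. The check only covers function-based views; class-based views (mixins such as `LoginRequiredMixin`) and views protected solely at the URL-conf or middleware layer are out of its scope and would need a separate rule.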


Tracking


Advisories

No advisories yet.

History

Mon, 20 Apr 2026 16:15:00 +0000

Type: Metrics
Values Added: ssvc
{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 20 Apr 2026 15:15:00 +0000

Type: First Time appeared
Values Added: Liangliangyy; Liangliangyy djangoblog
Type: Vendors & Products
Values Added: Liangliangyy; Liangliangyy djangoblog

Sun, 19 Apr 2026 22:15:00 +0000

Type: Description
Values Added: A weakness has been identified in liangliangyy DjangoBlog up to 2.1.0.0. This impacts an unknown function of the file blog/views.py of the component Clean Endpoint. This manipulation causes missing authentication. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Type: Title
Values Added: liangliangyy DjangoBlog Clean Endpoint views.py missing authentication
Type: Weaknesses
Values Added: CWE-287; CWE-306
Type: References
Type: Metrics
Values Added:
cvssV2_0
{'score': 6.4, 'vector': 'AV:N/AC:L/Au:N/C:N/I:P/A:P/E:POC/RL:ND/RC:UR'}
cvssV3_0
{'score': 6.5, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R'}
cvssV3_1
{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R'}
cvssV4_0
{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-20T15:18:38.633Z

Reserved: 2026-04-19T05:11:01.781Z

Link: CVE-2026-6579

Vulnrichment

Updated: 2026-04-20T15:18:35.215Z

NVD

Status: Deferred

Published: 2026-04-19T22:16:35.320

Modified: 2026-04-29T01:00:01.613

Link: CVE-2026-6579

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-20T14:58:35Z

Weaknesses