Description
A weakness has been identified in liangliangyy DjangoBlog up to 2.1.0.0. This impacts an unknown function of the file blog/views.py of the component Clean Endpoint. This manipulation causes missing authentication. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-04-19
Score: 6.9 Medium
EPSS: n/a
KEV: No
Impact: Authentication Bypass
Action: Patch ASAP
AI Analysis

Impact

The vulnerability resides in the Clean Endpoint view of the DjangoBlog application, where authentication checks are omitted, allowing an attacker to access the endpoint without credentials. This flaw matches CWE-287 (Authentication Bypass) and CWE-306 (Missing Authentication). If exploited, attackers could use the endpoint to trigger actions, potentially leading to unauthorized data exposure or system manipulation, depending on the function performed by the endpoint.

Affected Systems

The issue affects liangliangyy DjangoBlog versions up to and including 2.1.0.0. No other affected product or version information is provided.

Risk and Exploitability

The CVSS score is 6.9, indicating a moderate severity. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. The description states the attack can be initiated remotely, and the exploit is publicly available, implying that unauthenticated attackers could exploit the endpoint from outside the network. The vulnerability does not require specialized prerequisites beyond the ability to send an HTTP request to the target.

Generated by OpenCVE AI on April 19, 2026 at 23:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a version of liangliangyy DjangoBlog that implements authentication checks for the Clean Endpoint as soon as an official fix becomes available.
  • If no patch is immediately available, configure network or application firewall rules to restrict access to the Clean Endpoint to a whitelist of trusted IP addresses or internal network segments.
  • Add an authentication guard to the Clean Endpoint function, such as enforcing the @login_required decorator or requiring API token validation, to ensure only authorized users can invoke it.

Generated by OpenCVE AI on April 19, 2026 at 23:50 UTC.
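
As an added example (not DjangoBlog's own code and not part of the advisory), the pattern behind the third recommendation: a "clean" view with no guard beside the same view behind a login_required-style decorator, plus an audit helper that flags unguarded views. Django's request, user and response objects are replaced by constructed stand-ins so the block runs without Django, and the view body and the cache it clears are hypothetical, since the advisory does not say what the real view in blog/views.py does.

```python
from dataclasses import dataclass, field
from functools import wraps

# Constructed stand-ins for Django's HttpRequest/User/HttpResponse so the
# block runs without Django installed; real code would use django.http and
# django.contrib.auth.decorators.login_required instead.
@dataclass
class User:
    username: str = ""
    is_authenticated: bool = False

@dataclass
class Request:
    method: str = "GET"
    user: User = field(default_factory=User)

@dataclass
class Response:
    status_code: int
    body: str = ""

# Hypothetical state the endpoint mutates; the advisory does not say what the
# real view does, only that it runs without authentication.
CACHE = {"index": "cached html", "post-1": "cached html"}

def clean_vulnerable(request):
    """Before: no authentication check (CWE-306), any remote caller clears state."""
    CACHE.clear()
    return Response(200, "cleaned")

def login_required(view):
    """Minimal equivalent of Django's login_required: anonymous callers are
    redirected to the login page and the view body never runs."""
    @wraps(view)
    def _wrapped(request, *args, **kwargs):
        if not request.user.is_authenticated:
            return Response(302, "/accounts/login/?next=/clean/")
        return view(request, *args, **kwargs)
    _wrapped.auth_guarded = True  # marker checked by audit_views()
    return _wrapped

@login_required
def clean_fixed(request):
    """After: reached only by authenticated users."""
    CACHE.clear()
    return Response(200, "cleaned")

def audit_views(views):
    """Names of views carrying no auth guard; worth running over every
    state-changing view in the project, not just this one."""
    return [v.__name__ for v in views if not getattr(v, "auth_guarded", False)]
```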

Advisories

No advisories yet.

History

Sun, 19 Apr 2026 22:15:00 +0000

Values Removed: none shown
Values Added:
  • Description: A weakness has been identified in liangliangyy DjangoBlog up to 2.1.0.0. This impacts an unknown function of the file blog/views.py of the component Clean Endpoint. This manipulation causes missing authentication. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
  • Title: liangliangyy DjangoBlog Clean Endpoint views.py missing authentication
  • Weaknesses: CWE-287, CWE-306
  • References: none listed
  • Metrics:
      cvssV2_0: score 6.4, vector AV:N/AC:L/Au:N/C:N/I:P/A:P/E:POC/RL:ND/RC:UR
      cvssV3_0: score 6.5, vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R
      cvssV3_1: score 6.5, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R
      cvssV4_0: score 6.9, vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-19T22:00:17.503Z

Reserved: 2026-04-19T05:11:01.781Z

Link: CVE-2026-6579

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-04-19T22:16:35.320

Modified: 2026-04-19T22:16:35.320

Link: CVE-2026-6579

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-20T00:00:10Z

Weaknesses