CVE-2026-31815

Source
https://cve.org/CVERecord?id=CVE-2026-31815
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-31815.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-31815
Aliases
Published
2026-03-10T21:07:08.198Z
Modified
2026-04-10T05:43:17.145517Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
django-unicorn affected by component state manipulation via unvalidated attribute access
Details

Unicorn adds modern reactive component functionality to your Django templates. Prior to 0.67.0, component state manipulation is possible in django-unicorn due to missing access control checks during property updates and method calls. An attacker can bypass the intended _is_public protection to modify internal attributes such as template_name or trigger protected methods. This vulnerability is fixed in 0.67.0.

Database specific
{
    "cwe_ids": [
        "CWE-284",
        "CWE-915"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31815.json",
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/adamghill/django-unicorn

Affected ranges

Type
GIT
Repo
https://github.com/adamghill/django-unicorn
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.67.0"
        }
    ]
}

Affected versions

0.*
0.1.0
0.1.1
0.10.0
0.10.1
0.11.0
0.11.2
0.12.0
0.13.0
0.14.0
0.14.1
0.15.0
0.15.1
0.16.0
0.16.1
0.17.0
0.17.1
0.18.0
0.18.1
0.19.0
0.2.0
0.2.1
0.2.2
0.2.3
0.20.0
0.21.0
0.21.1
0.21.2
0.22.0
0.24.0
0.25.0
0.26.0
0.27.0
0.27.1
0.27.2
0.28.0
0.29.0
0.3.0
0.31.0
0.32.0
0.33.0
0.34.0
0.35.0
0.36.0
0.36.1
0.37.0
0.37.1
0.37.2
0.38.0
0.38.1
0.39.0
0.39.1
0.4.0
0.40.0
0.41.0
0.41.1
0.41.2
0.42.0
0.42.1
0.43.0
0.43.1
0.44.1
0.45.0
0.45.1
0.46.0
0.47.0
0.48.0
0.5.0
0.56.0
0.56.1
0.57.0
0.57.1
0.58.0
0.58.1
0.59.0
0.6.0
0.6.1
0.6.3
0.6.5
0.60.0
0.61.0
0.62.0
0.63.0
0.63.1
0.63.2
0.63.3
0.64.0
0.65.0
0.65.1
0.65.2
0.66.0
0.66.1
0.7.0
0.7.1
0.8.0
0.9.0
0.9.1
0.9.2
0.9.3
0.9.4

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-31815.json"

Git / github.com/django-commons/django-unicorn

Affected ranges

Type
GIT
Repo
https://github.com/django-commons/django-unicorn
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.67.0"
        }
    ]
}

Affected versions

0.*
0.1.0
0.1.1
0.10.0
0.10.1
0.11.0
0.11.2
0.12.0
0.13.0
0.14.0
0.14.1
0.15.0
0.15.1
0.16.0
0.16.1
0.17.0
0.17.1
0.18.0
0.18.1
0.19.0
0.2.0
0.2.1
0.2.2
0.2.3
0.20.0
0.21.0
0.21.1
0.21.2
0.22.0
0.24.0
0.25.0
0.26.0
0.27.0
0.27.1
0.27.2
0.28.0
0.29.0
0.3.0
0.31.0
0.32.0
0.33.0
0.34.0
0.35.0
0.36.0
0.36.1
0.37.0
0.37.1
0.37.2
0.38.0
0.38.1
0.39.0
0.39.1
0.4.0
0.40.0
0.41.0
0.41.1
0.41.2
0.42.0
0.42.1
0.43.0
0.43.1
0.44.1
0.45.0
0.45.1
0.46.0
0.47.0
0.48.0
0.5.0
0.56.0
0.56.1
0.57.0
0.57.1
0.58.0
0.58.1
0.59.0
0.6.0
0.6.1
0.6.3
0.6.5
0.60.0
0.61.0
0.62.0
0.63.0
0.63.1
0.63.2
0.63.3
0.64.0
0.65.0
0.65.1
0.65.2
0.66.0
0.66.1
0.7.0
0.7.1
0.8.0
0.9.0
0.9.1
0.9.2
0.9.3
0.9.4

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-31815.json"