UBUNTU-CVE-2026-4277
- Source
- https://ubuntu.com/security/CVE-2026-4277
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-4277.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-4277
- Upstream
- Downstream
- Related
- Published
- 2026-04-07T14:00:00Z
- Modified
- 2026-04-13T12:54:37.298779Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Ubuntu - low
- Summary
- [none]
- Details
-
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Add permissions on inline model instances were not validated on submission of forged
POSTdata inGenericInlineModelAdmin. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank N05ec@LZU-DSLab for reporting this issue. - References
Affected packages
Ubuntu:22.04:LTS
python-django
Package
- Name
- python-django
- Purl
- pkg:deb/ubuntu/python-django@2:3.2.12-2ubuntu1.26?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2:3.2.12-2ubuntu1.26
Affected versions
2:2.*
2:2.2.24-1ubuntu1
2:3.*
2:3.2.12-2
2:3.2.12-2ubuntu1
2:3.2.12-2ubuntu1.1
2:3.2.12-2ubuntu1.2
2:3.2.12-2ubuntu1.3
2:3.2.12-2ubuntu1.4
2:3.2.12-2ubuntu1.5
2:3.2.12-2ubuntu1.6
2:3.2.12-2ubuntu1.7
2:3.2.12-2ubuntu1.8
2:3.2.12-2ubuntu1.9
2:3.2.12-2ubuntu1.10
2:3.2.12-2ubuntu1.11
2:3.2.12-2ubuntu1.12
2:3.2.12-2ubuntu1.13
2:3.2.12-2ubuntu1.14
2:3.2.12-2ubuntu1.15
2:3.2.12-2ubuntu1.16
2:3.2.12-2ubuntu1.17
2:3.2.12-2ubuntu1.18
2:3.2.12-2ubuntu1.19
2:3.2.12-2ubuntu1.20
2:3.2.12-2ubuntu1.21
2:3.2.12-2ubuntu1.22
2:3.2.12-2ubuntu1.23
2:3.2.12-2ubuntu1.24
2:3.2.12-2ubuntu1.25
Ubuntu:24.04:LTS
python-django
Package
- Name
- python-django
- Purl
- pkg:deb/ubuntu/python-django@3:4.2.11-1ubuntu1.15?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3:4.2.11-1ubuntu1.15
Affected versions
3:4.*
3:4.2.4-1ubuntu2
3:4.2.8-1
3:4.2.9-1
3:4.2.11-1
3:4.2.11-1ubuntu1
3:4.2.11-1ubuntu1.1
3:4.2.11-1ubuntu1.2
3:4.2.11-1ubuntu1.3
3:4.2.11-1ubuntu1.4
3:4.2.11-1ubuntu1.5
3:4.2.11-1ubuntu1.6
3:4.2.11-1ubuntu1.7
3:4.2.11-1ubuntu1.8
3:4.2.11-1ubuntu1.9
3:4.2.11-1ubuntu1.10
3:4.2.11-1ubuntu1.11
3:4.2.11-1ubuntu1.12
3:4.2.11-1ubuntu1.13
3:4.2.11-1ubuntu1.14
Ubuntu:25.10
python-django
Package
- Name
- python-django
- Purl
- pkg:deb/ubuntu/python-django@3:5.2.4-1ubuntu2.4?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3:5.2.4-1ubuntu2.4
Affected versions
3:4.*
3:4.2.18-1ubuntu1
3:4.2.18-1ubuntu1.1
3:5.*
3:5.2.4-1
3:5.2.4-1ubuntu1
3:5.2.4-1ubuntu2
3:5.2.4-1ubuntu2.1
3:5.2.4-1ubuntu2.2
3:5.2.4-1ubuntu2.3
Ubuntu:Pro:14.04:LTS
python-django
Package
- Name
- python-django
- Purl
- pkg:deb/ubuntu/python-django@1.6.11-0ubuntu1.3+esm11?arch=source&distro=esm-infra-legacy/trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.5.4-1ubuntu1
1.6-1
1.6.1-1
1.6.1-2
1.6.1-2ubuntu0.1
1.6.1-2ubuntu0.2
1.6.1-2ubuntu0.3
1.6.1-2ubuntu0.4
1.6.1-2ubuntu0.5
1.6.1-2ubuntu0.6
1.6.1-2ubuntu0.8
1.6.1-2ubuntu0.9
1.6.1-2ubuntu0.10
1.6.1-2ubuntu0.11
1.6.1-2ubuntu0.12
1.6.1-2ubuntu0.13
1.6.1-2ubuntu0.14
1.6.1-2ubuntu0.15
1.6.1-2ubuntu0.16
1.6.11-0ubuntu1
1.6.11-0ubuntu1.1
1.6.11-0ubuntu1.2
1.6.11-0ubuntu1.3
1.6.11-0ubuntu1.3+esm1
1.6.11-0ubuntu1.3+esm2
1.6.11-0ubuntu1.3+esm3
1.6.11-0ubuntu1.3+esm4
1.6.11-0ubuntu1.3+esm5
1.6.11-0ubuntu1.3+esm6
1.6.11-0ubuntu1.3+esm7
1.6.11-0ubuntu1.3+esm8
1.6.11-0ubuntu1.3+esm9
1.6.11-0ubuntu1.3+esm10
1.6.11-0ubuntu1.3+esm11
Ubuntu:Pro:16.04:LTS
python-django
Package
- Name
- python-django
- Purl
- pkg:deb/ubuntu/python-django@1.8.7-1ubuntu5.15+esm12?arch=source&distro=esm-infra/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.8.7-1ubuntu5.15+esm12
Affected versions
1.*
1.7.9-1ubuntu5
1.8.5-2ubuntu1
1.8.7-1ubuntu1
1.8.7-1ubuntu2
1.8.7-1ubuntu3
1.8.7-1ubuntu4
1.8.7-1ubuntu5
1.8.7-1ubuntu5.1
1.8.7-1ubuntu5.2
1.8.7-1ubuntu5.4
1.8.7-1ubuntu5.5
1.8.7-1ubuntu5.6
1.8.7-1ubuntu5.7
1.8.7-1ubuntu5.8
1.8.7-1ubuntu5.9
1.8.7-1ubuntu5.10
1.8.7-1ubuntu5.11
1.8.7-1ubuntu5.12
1.8.7-1ubuntu5.13
1.8.7-1ubuntu5.14
1.8.7-1ubuntu5.15
1.8.7-1ubuntu5.15+esm1
1.8.7-1ubuntu5.15+esm3
1.8.7-1ubuntu5.15+esm4
1.8.7-1ubuntu5.15+esm5
1.8.7-1ubuntu5.15+esm6
1.8.7-1ubuntu5.15+esm7
1.8.7-1ubuntu5.15+esm8
1.8.7-1ubuntu5.15+esm9
1.8.7-1ubuntu5.15+esm10
1.8.7-1ubuntu5.15+esm11
Ecosystem specific
{
"binaries": [
{
"binary_version": "1.8.7-1ubuntu5.15+esm12",
"binary_name": "python-django"
},
{
"binary_version": "1.8.7-1ubuntu5.15+esm12",
"binary_name": "python-django-common"
},
{
"binary_version": "1.8.7-1ubuntu5.15+esm12",
"binary_name": "python3-django"
}
],
"priority_reason": "Django developers have rated this as being a low severity issue",
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"
}Ubuntu:Pro:18.04:LTS
python-django
Package
- Name
- python-django
- Purl
- pkg:deb/ubuntu/python-django@1:1.11.11-1ubuntu1.21+esm15?arch=source&distro=esm-infra/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1:1.11.11-1ubuntu1.21+esm15
Affected versions
1:1.*
1:1.11.4-1ubuntu1
1:1.11.6-1ubuntu1
1:1.11.9-1ubuntu1
1:1.11.11-1ubuntu1
1:1.11.11-1ubuntu1.1
1:1.11.11-1ubuntu1.2
1:1.11.11-1ubuntu1.3
1:1.11.11-1ubuntu1.4
1:1.11.11-1ubuntu1.5
1:1.11.11-1ubuntu1.6
1:1.11.11-1ubuntu1.7
1:1.11.11-1ubuntu1.8
1:1.11.11-1ubuntu1.9
1:1.11.11-1ubuntu1.10
1:1.11.11-1ubuntu1.11
1:1.11.11-1ubuntu1.12
1:1.11.11-1ubuntu1.13
1:1.11.11-1ubuntu1.14
1:1.11.11-1ubuntu1.15
1:1.11.11-1ubuntu1.16
1:1.11.11-1ubuntu1.17
1:1.11.11-1ubuntu1.18
1:1.11.11-1ubuntu1.19
1:1.11.11-1ubuntu1.20
1:1.11.11-1ubuntu1.21
1:1.11.11-1ubuntu1.21+esm1
1:1.11.11-1ubuntu1.21+esm2
1:1.11.11-1ubuntu1.21+esm3
1:1.11.11-1ubuntu1.21+esm4
1:1.11.11-1ubuntu1.21+esm5
1:1.11.11-1ubuntu1.21+esm6
1:1.11.11-1ubuntu1.21+esm7
1:1.11.11-1ubuntu1.21+esm8
1:1.11.11-1ubuntu1.21+esm9
1:1.11.11-1ubuntu1.21+esm10
1:1.11.11-1ubuntu1.21+esm11
1:1.11.11-1ubuntu1.21+esm12
1:1.11.11-1ubuntu1.21+esm13
1:1.11.11-1ubuntu1.21+esm14
Ecosystem specific
{
"binaries": [
{
"binary_version": "1:1.11.11-1ubuntu1.21+esm15",
"binary_name": "python-django"
},
{
"binary_version": "1:1.11.11-1ubuntu1.21+esm15",
"binary_name": "python-django-common"
},
{
"binary_version": "1:1.11.11-1ubuntu1.21+esm15",
"binary_name": "python3-django"
}
],
"priority_reason": "Django developers have rated this as being a low severity issue",
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"
}Ubuntu:Pro:20.04:LTS
python-django
Package
- Name
- python-django
- Purl
- pkg:deb/ubuntu/python-django@2:2.2.12-1ubuntu0.29+esm8?arch=source&distro=esm-infra/focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2:2.2.12-1ubuntu0.29+esm8
Affected versions
1:1.*
1:1.11.22-1ubuntu1
2:2.*
2:2.2.6-1ubuntu1
2:2.2.9-2ubuntu1
2:2.2.10-1
2:2.2.10-1ubuntu1
2:2.2.11-1
2:2.2.12-1
2:2.2.12-1ubuntu0.1
2:2.2.12-1ubuntu0.2
2:2.2.12-1ubuntu0.3
2:2.2.12-1ubuntu0.4
2:2.2.12-1ubuntu0.5
2:2.2.12-1ubuntu0.6
2:2.2.12-1ubuntu0.7
2:2.2.12-1ubuntu0.8
2:2.2.12-1ubuntu0.9
2:2.2.12-1ubuntu0.10
2:2.2.12-1ubuntu0.11
2:2.2.12-1ubuntu0.12
2:2.2.12-1ubuntu0.13
2:2.2.12-1ubuntu0.14
2:2.2.12-1ubuntu0.15
2:2.2.12-1ubuntu0.16
2:2.2.12-1ubuntu0.17
2:2.2.12-1ubuntu0.18
2:2.2.12-1ubuntu0.19
2:2.2.12-1ubuntu0.20
2:2.2.12-1ubuntu0.21
2:2.2.12-1ubuntu0.22
2:2.2.12-1ubuntu0.23
2:2.2.12-1ubuntu0.24
2:2.2.12-1ubuntu0.25
2:2.2.12-1ubuntu0.26
2:2.2.12-1ubuntu0.27
2:2.2.12-1ubuntu0.28
2:2.2.12-1ubuntu0.29
2:2.2.12-1ubuntu0.29+esm1
2:2.2.12-1ubuntu0.29+esm2
2:2.2.12-1ubuntu0.29+esm3
2:2.2.12-1ubuntu0.29+esm4
2:2.2.12-1ubuntu0.29+esm5
2:2.2.12-1ubuntu0.29+esm6
2:2.2.12-1ubuntu0.29+esm7