CVE-2026-44197: Wagtail has improper permission handling when comparing revisions

May 8, 2026

A CMS user without the ability to edit a page could access revisions of the page through the revision compare view if they knew the primary key of two revisions. This could potentially result in disclosure of sensitive information.

References

github.com/advisories/GHSA-c6wj-9vcj-75pj
github.com/wagtail/wagtail
github.com/wagtail/wagtail/security/advisories/GHSA-c6wj-9vcj-75pj
nvd.nist.gov/vuln/detail/CVE-2026-44197

Code Behaviors & Features

Detect and mitigate CVE-2026-44197 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →