CVE-2026-44201 Overview
CVE-2026-44201 is an information disclosure vulnerability in Wagtail, an open source content management system built on Django. The Documents and Images API incorrectly enumerated items stored in private collections. Any user with API access could view the filename and name fields of documents and images intended to remain private. The flaw stems from improper enforcement of collection-level permissions when listing API resources, and it is categorized under CWE-280 (Improper Handling of Insufficient Permissions or Privileges). Wagtail maintainers fixed the issue in versions 7.0.7, 7.3.2, and 7.4.
Critical Impact
Unauthenticated or low-privilege API consumers can enumerate metadata of private documents and images, exposing sensitive filenames and asset names that should be restricted to authorized collection members.
Affected Products
- Torchbox Wagtail versions prior to 7.0.7
- Torchbox Wagtail versions prior to 7.3.2 (7.1.x and 7.2.x branches)
- Torchbox Wagtail versions prior to 7.4
Discovery Timeline
- 2026-05-11 - CVE-2026-44201 published to the National Vulnerability Database
- 2026-05-12 - Last updated in NVD database
Technical Details for CVE-2026-44201
Vulnerability Analysis
Wagtail exposes a Documents API and an Images API that allow clients to list and retrieve media assets stored in the CMS. Assets can be organized into collections, and collections can be marked private to restrict visibility to specific groups or users. Prior to the fixed releases, the API listing endpoints did not apply collection privacy filters consistently. Items located in private collections appeared in API list responses returned to users who lacked permission to view those collections.
The disclosed data is limited to metadata fields, specifically the document filename and the image name. The vulnerability does not grant access to the underlying file bytes, but the leaked identifiers can reveal internal project names, customer data references, or pre-release content. Attackers can use this information for reconnaissance ahead of targeted social engineering or follow-on attacks.
Root Cause
The root cause is improper handling of insufficient permissions in the queryset construction for the Documents and Images API viewsets. Collection-based access controls were enforced inconsistently between the admin interface and the public API serializer, allowing private items to surface in API list responses.
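The following is an added illustration of the access-control gap described above; it is not Wagtail's code and does not reproduce the project's patch. It models a collection as either public or restricted to a set of groups, shows a list endpoint that skips the collection check (the vulnerable shape) beside one that applies it (the hardened shape), and includes an audit helper that reports which titles the unfiltered listing would expose to a given caller. All class names, group names, and sample assets are constructed for the example.

```python
"""Simplified model of the access-control gap behind CVE-2026-44201.

Added illustration, not Wagtail's code: a collection is either public or
restricted to a set of groups, and a list endpoint must apply the same
check as the detail view and the admin. All names and data are constructed.
"""
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class Collection:
    name: str
    # Groups allowed to view the collection; None means the collection is public.
    allowed_groups: Optional[frozenset] = None


@dataclass(frozen=True)
class Asset:
    id: int
    title: str  # the document filename / image name that was exposed
    collection: Collection


@dataclass(frozen=True)
class Caller:
    groups: frozenset = field(default_factory=frozenset)


ANONYMOUS = Caller()


def can_view(caller: Caller, collection: Collection) -> bool:
    """Collection-level permission check that every view should share."""
    if collection.allowed_groups is None:
        return True
    return bool(caller.groups & collection.allowed_groups)


def list_assets_unfiltered(assets, caller):
    """Vulnerable shape: the list queryset never consults can_view()."""
    return [a.title for a in assets]


def list_assets_filtered(assets, caller):
    """Hardened shape: the privacy filter is applied before serialisation."""
    return [a.title for a in assets if can_view(caller, a.collection)]


def leaked_titles(assets, caller):
    """Audit helper: titles the unfiltered listing exposes to this caller
    that the filtered listing would have withheld."""
    allowed = set(list_assets_filtered(assets, caller))
    return [t for t in list_assets_unfiltered(assets, caller) if t not in allowed]


# Constructed sample data: one public collection, one restricted to "finance".
PRESS_KIT = Collection("Press kit")
BOARD_PACK = Collection("Q3 board pack", frozenset({"finance"}))
SAMPLE_ASSETS = [
    Asset(1, "press-release.pdf", PRESS_KIT),
    Asset(2, "acquisition-target-list.xlsx", BOARD_PACK),
    Asset(3, "hero-banner.jpg", PRESS_KIT),
]

if __name__ == "__main__":
    print("unfiltered:", list_assets_unfiltered(SAMPLE_ASSETS, ANONYMOUS))
    print("filtered:  ", list_assets_filtered(SAMPLE_ASSETS, ANONYMOUS))
    print("leaked:    ", leaked_titles(SAMPLE_ASSETS, ANONYMOUS))
```

The point of the model is that the check lives in one function and every listing path calls it; the advisory's description of the bug is exactly the case where the detail and admin views consult that check while the list view does not.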
Attack Vector
The attack vector is network-based and requires no authentication or user interaction beyond access to the public API endpoints. An attacker issues standard GET requests to the Documents or Images API and parses the response for items belonging to private collections. Refer to the Wagtail GitHub Security Advisory GHSA-p5gm-92h4-6pv6 for the maintainer write-up and patch references.
Detection Methods for CVE-2026-44201
Indicators of Compromise
- Unusual volumes of GET requests to /api/v2/documents/ or /api/v2/images/ endpoints from a single source.
- API responses containing item identifiers that correspond to documents or images filed under private collections.
- Access log entries showing API enumeration patterns such as sequential ?offset= or ?limit= paging from non-administrative clients.
Detection Strategies
- Compare API list responses against the inventory of private collections to identify leaked items in historical logs.
- Alert on anonymous or low-privilege accounts that successfully retrieve API list pages containing private collection IDs.
- Review web application firewall logs for repeated, automated requests targeting the Wagtail Documents and Images API paths.
Monitoring Recommendations
- Enable verbose access logging on the Wagtail application server and forward logs to a centralized SIEM for correlation.
- Track the count of distinct document and image IDs returned per API session to surface scraping behavior.
- Monitor for spikes in 200 OK responses on API endpoints following the public disclosure date of 2026-05-11.
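The indicators, detection strategies, and monitoring recommendations above all reduce to per-client analysis of access logs for the two API paths. The script below is an added example, not part of the advisory or of Wagtail, that parses combined-format access log lines, groups successful GET requests to /api/v2/documents/ and /api/v2/images/ by client address, and flags clients that page through the listing with a constant ?offset= step or that pull an unusually large number of list pages. It also counts distinct detail-endpoint IDs per client, which supports the "distinct IDs per session" metric. The log lines, thresholds, and addresses are constructed for the example.

```python
"""Access-log triage for enumeration of the Wagtail Documents/Images API.

Added example (not from the advisory or the Wagtail project): parses
combined-format access log lines and flags clients that walk the list
endpoints with sequential ?offset= paging or that fetch many list pages.
Sample lines, thresholds and addresses are constructed.
"""
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
LIST_PATHS = ("/api/v2/documents/", "/api/v2/images/")
DETAIL_RE = re.compile(r"^/api/v2/(documents|images)/(\d+)/$")


def parse_line(line):
    """Return a dict with ip, method, path, query, status, or None if unparsable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path
    rec["query"] = {k: v[0] for k, v in parse_qs(parts.query).items()}
    rec["status"] = int(rec["status"])
    return rec


def is_sequential(offsets, min_pages=3):
    """True when at least min_pages distinct offsets advance by one constant step."""
    o = sorted(set(offsets))
    if len(o) < min_pages:
        return False
    step = o[1] - o[0]
    return step > 0 and all(b - a == step for a, b in zip(o, o[1:]))


def analyze(lines, min_pages=3, list_threshold=10):
    """Group successful API GETs by client and return findings keyed by IP."""
    per_ip = defaultdict(lambda: {"list_requests": 0, "offsets": [], "detail_ids": set()})
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["method"] != "GET" or rec["status"] != 200:
            continue
        stats = per_ip[rec["ip"]]
        if rec["path"] in LIST_PATHS:
            stats["list_requests"] += 1
            off = rec["query"].get("offset")
            if off is not None and off.isdigit():
                stats["offsets"].append(int(off))
        else:
            m = DETAIL_RE.match(rec["path"])
            if m:
                stats["detail_ids"].add(int(m.group(2)))
    findings = {}
    for ip, s in per_ip.items():
        seq = is_sequential(s["offsets"], min_pages)
        if seq or s["list_requests"] >= list_threshold:
            findings[ip] = {
                "list_requests": s["list_requests"],
                "sequential_paging": seq,
                "distinct_detail_ids": len(s["detail_ids"]),
            }
    return findings


# Constructed sample: one client pages the documents listing, one browses normally.
SAMPLE_LOG = [
    '10.0.0.5 - - [11/May/2026:10:00:01 +0000] "GET /api/v2/documents/?limit=20&offset=0 HTTP/1.1" 200 4321 "-" "python-requests/2.31"',
    '10.0.0.5 - - [11/May/2026:10:00:02 +0000] "GET /api/v2/documents/?limit=20&offset=20 HTTP/1.1" 200 4410 "-" "python-requests/2.31"',
    '10.0.0.5 - - [11/May/2026:10:00:03 +0000] "GET /api/v2/documents/?limit=20&offset=40 HTTP/1.1" 200 4398 "-" "python-requests/2.31"',
    '10.0.0.5 - - [11/May/2026:10:00:04 +0000] "GET /api/v2/documents/?limit=20&offset=60 HTTP/1.1" 200 1200 "-" "python-requests/2.31"',
    '10.0.0.5 - - [11/May/2026:10:00:05 +0000] "GET /api/v2/documents/17/ HTTP/1.1" 200 512 "-" "python-requests/2.31"',
    '192.168.1.20 - - [11/May/2026:10:05:00 +0000] "GET /api/v2/images/?limit=5 HTTP/1.1" 200 900 "https://example.invalid/" "Mozilla/5.0"',
    '192.168.1.20 - - [11/May/2026:10:05:01 +0000] "GET /blog/ HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, finding in analyze(SAMPLE_LOG).items():
        print(ip, finding)
```

Only 200 responses are counted because the advisory's concern is successful enumeration; a variant that also tallies 401/403 responses would surface probing against a deployment where the reverse-proxy workaround is in place. The sequential-offset test deliberately accepts any constant step rather than requiring step == limit, since scrapers do not always page at the server's default page size.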
How to Mitigate CVE-2026-44201
Immediate Actions Required
- Upgrade Wagtail to 7.0.7, 7.3.2, or 7.4 depending on the deployed release branch.
- Audit private collections for sensitive filenames that may have been disclosed prior to patching.
- Rotate or rename any documents and images whose filenames themselves leak confidential information.
Patch Information
Torchbox released fixes in Wagtail 7.0.7, 7.3.2, and 7.4. The patches enforce collection privacy filters consistently across the Documents and Images API list views. Patch details are published in the Wagtail Security Advisory GHSA-p5gm-92h4-6pv6.
Workarounds
- Disable the public Documents and Images API endpoints in urls.py if upgrading immediately is not feasible.
- Restrict API access at the reverse proxy layer to authenticated, trusted clients only.
- Move highly sensitive assets out of Wagtail-managed collections until the upgrade is applied.
# Configuration example: upgrade Wagtail to a patched release
pip install --upgrade "wagtail>=7.4"
# Or, for the 7.3.x branch
pip install --upgrade "wagtail>=7.3.2,<7.4"
# Or, for the 7.0.x LTS branch
pip install --upgrade "wagtail>=7.0.7,<7.1"
# Verify the installed version
python -c "import wagtail; print(wagtail.__version__)"
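To check a fleet of installations against the fixed releases rather than reading version strings by hand, the helper below is an added example (not from Wagtail) that encodes the branch mapping from the Affected Products list: 7.0.x needs 7.0.7, 7.1.x through 7.3.x need 7.3.2, and everything else needs 7.4. It parses the string printed by the verification command above; pre-release suffixes such as "rc1" are treated as unpatched, which is a conservative assumption of this example rather than something the advisory states.

```python
"""Classify a Wagtail version string against the CVE-2026-44201 fixed releases.

Added helper, not part of Wagtail. Branch mapping follows the advisory:
  7.0.x          -> fixed in 7.0.7
  7.1.x .. 7.3.x -> fixed in 7.3.2
  anything else  -> fixed in 7.4
Pre-release suffixes (a1, b2, rc1, .dev0) are treated as unpatched; that
is an assumption of this example, not a statement from the advisory.
"""
import re

RELEASE_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?$")


def parse_version(text):
    """Return (major, minor, patch) for a final release, or None for a pre-release."""
    m = RELEASE_RE.match(text.strip())
    if not m:
        if re.match(r"^\d+\.\d+", text.strip()):
            return None  # looks like a pre-release or dev build
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = m.group(1), m.group(2), m.group(3) or "0"
    return (int(major), int(minor), int(patch))


def required_fix(version):
    """Lowest fixed release on the branch the given version belongs to."""
    major, minor, _ = version
    if (major, minor) == (7, 0):
        return (7, 0, 7)
    if major == 7 and 1 <= minor <= 3:
        return (7, 3, 2)
    return (7, 4, 0)


def is_patched(text):
    """True if the version string denotes a release at or above its branch fix."""
    v = parse_version(text)
    if v is None:
        return False
    return v >= required_fix(v)


def installed_status():
    """Return (version, patched) for the locally installed wagtail, or None."""
    try:
        from importlib.metadata import version
        v = version("wagtail")
    except Exception:
        return None
    return v, is_patched(v)


if __name__ == "__main__":
    status = installed_status()
    if status is None:
        print("wagtail is not installed in this environment")
    else:
        print("wagtail %s patched=%s" % status)
```

Pipe the output of the verification command into is_patched() from a wrapper, or import the module into an inventory script that queries each host; the required_fix() value is what an upgrade ticket should quote.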
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.