{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-6577", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-04-19T05:10:55.653Z", "datePublished": "2026-04-19T19:30:15.098Z", "dateUpdated": "2026-04-19T19:30:15.098Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-19T19:30:15.098Z"}, "title": "liangliangyy DjangoBlog logtracks Endpoint views.py missing authentication", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-306", "lang": "en", "description": "Missing Authentication"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-287", "lang": "en", "description": "Improper Authentication"}]}], "affected": [{"vendor": "liangliangyy", "product": "DjangoBlog", "versions": [{"version": "2.1.0", "status": "affected"}], "modules": ["logtracks Endpoint"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in liangliangyy DjangoBlog up to 2.1.0.0. The impacted element is an unknown function of the file owntracks/views.py of the component logtracks Endpoint. The manipulation leads to missing authentication. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-04-19T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-04-19T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-04-19T07:16:15.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Dem0 (VulDB User)", "type": "reporter"}, {"lang": "en", "value": "VulDB CNA Team", "type": "coordinator"}], "references": [{"url": "https://vuldb.com/vuln/358212", "name": "VDB-358212 | liangliangyy DjangoBlog logtracks Endpoint views.py missing authentication", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/vuln/358212/cti", "name": "VDB-358212 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/790282", "name": "Submit #790282 | liangliangyy DjangoBlog <= 2.1.0.0 Missing Authentication", "tags": ["third-party-advisory"]}, {"url": "https://github.com/3em0/cve_repo/blob/main/DjangoBlog/Vuln-2-Unauthenticated-GPS-Data-Injection.md", "tags": ["exploit"]}]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in liangliangyy DjangoBlog up to 2.1.0.0. The impacted element is an unknown function of the file owntracks/views.py of the component logtracks Endpoint. The manipulation leads to missing authentication. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way."}], "id": "CVE-2026-6577", "lastModified": "2026-04-19T20:16:28.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-04-19T20:16:28.837", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/3em0/cve_repo/blob/main/DjangoBlog/Vuln-2-Unauthenticated-GPS-Data-Injection.md"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/submit/790282"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/358212"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/358212/cti"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}, {"lang": "en", "value": "CWE-306"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-19T21:20:23.354616+00:00", "value": {"mitigation_remediation": ["Upgrade to a version that includes authentication for the logtracks Endpoint.", "If an upgrade is not feasible, add an authentication check to the logtracks Endpoint views.py (e.g., @login_required) to enforce user verification.", "Restrict network access to the Endpoint until the vulnerability is remediated, and monitor logs for suspicious activity."], "summary": {"action": "Patch", "impact": "Unauthorized access via missing authentication"}, "threat_synthesis": {"affected_systems": "The affected product is Liangliangyy\u2019s DjangoBlog, version 2.1.0.0 and earlier. The specific component impacted is the logtracks Endpoint located in owntracks/views.py.", "description_and_impact": "This vulnerability arises from a missing authentication check in the logtracks Endpoint of liangliangyy DjangoBlog. The flaw allows an attacker to invoke the affected function in owntracks/views.py without any credentials, leading to unauthorized access to functionality that should be protected. The weakness is classified as CWE\u2011287 and CWE\u2011306, indicating an authentication bypass.", "risk_and_exploitability": "The CVSS base score of 6.9 reflects a moderate severity. An attacker can exploit the flaw remotely, and the public exploit code availability suggests it could be widely used. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, but the availability of a public exploit and the remote attack vector indicate a realistic risk that should be addressed promptly."}}}}, "created": "2026-04-19T21:30:26.909822+00:00", "updated": "2026-04-19T21:30:26.909869+00:00", "vendors": []}