summaryrefslogtreecommitdiff
path: root/docs/releases/5.2.13.txt
diff options
context:
space:
mode:
Diffstat (limited to 'docs/releases/5.2.13.txt')
-rw-r--r--docs/releases/5.2.13.txt10
1 files changed, 10 insertions, 0 deletions
diff --git a/docs/releases/5.2.13.txt b/docs/releases/5.2.13.txt
index 94d63dafdb..8b03103508 100644
--- a/docs/releases/5.2.13.txt
+++ b/docs/releases/5.2.13.txt
@@ -26,3 +26,13 @@ behavior of :pypi:`Daphne <daphne>`, the reference server for ASGI.
This issue has severity "low" according to the :ref:`Django security policy
<security-disclosure>`.
+
+CVE-2026-4277: Privilege abuse in ``GenericInlineModelAdmin``
+=============================================================
+
+Add permissions on inline model instances were not validated on submission of
+forged ``POST`` data in
+:class:`~django.contrib.contenttypes.admin.GenericInlineModelAdmin`.
+
+This issue has severity "low" according to the :ref:`Django security policy
+<security-disclosure>`.
generated by cgit v1.3 (git 2.53.0) at 2026-05-02 02:17:04 +0000