Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/87775?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/87775?format=api", "purl": "pkg:pypi/nautobot@2.4.4", "type": "pypi", "namespace": "", "name": "nautobot", "version": "2.4.4", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.4.33", "latest_non_vulnerable_version": "3.1.2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97947?format=api", "vulnerability_id": "VCID-7hyy-vgqn-hkfy", "summary": "Nautobot is a Network Source of Truth and Network Automation Platform. Prior to v2.4.10 and v1.6.32 , files uploaded by users to Nautobot's MEDIA_ROOT directory, including DeviceType image attachments as well as images attached to a Location, Device, or Rack, are served to users via a URL endpoint that was not enforcing user authentication. As a consequence, such files can be retrieved by anonymous users who know or can guess the correct URL for a given file. Nautobot v2.4.10 and v1.6.32 address this issue by adding enforcement of Nautobot user authentication to this endpoint.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49143", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.45367", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.45526", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.45516", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49143" }, { "reference_url": "https://github.com/nautobot/nautobot", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/nautobot/nautobot" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49143", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49143" }, { "reference_url": "https://github.com/nautobot/nautobot/pull/6672", "reference_id": "6672", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:58:15Z/" } ], "url": "https://github.com/nautobot/nautobot/pull/6672" }, { "reference_url": "https://github.com/nautobot/nautobot/pull/6703", "reference_id": "6703", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:58:15Z/" } ], "url": "https://github.com/nautobot/nautobot/pull/6703" }, { "reference_url": "https://github.com/nautobot/nautobot/commit/9c892dc300429948a4714f743c9c2879d8987340", "reference_id": "9c892dc300429948a4714f743c9c2879d8987340", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:58:15Z/" } ], "url": "https://github.com/nautobot/nautobot/commit/9c892dc300429948a4714f743c9c2879d8987340" }, { "reference_url": "https://github.com/nautobot/nautobot/commit/d99a53b065129cff3a0fa9abe7355a9ef1ad4c95", "reference_id": "d99a53b065129cff3a0fa9abe7355a9ef1ad4c95", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:58:15Z/" } ], "url": "https://github.com/nautobot/nautobot/commit/d99a53b065129cff3a0fa9abe7355a9ef1ad4c95" }, { "reference_url": "https://github.com/advisories/GHSA-rh67-4c8j-hjjh", "reference_id": "GHSA-rh67-4c8j-hjjh", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-rh67-4c8j-hjjh" }, { "reference_url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-rh67-4c8j-hjjh", "reference_id": "GHSA-rh67-4c8j-hjjh", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:58:15Z/" } ], "url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-rh67-4c8j-hjjh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87782?format=api", "purl": "pkg:pypi/nautobot@2.4.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fmdc-184u-9ya3" }, { "vulnerability": "VCID-kzek-vx11-p3db" }, { "vulnerability": "VCID-n6my-hv54-7kfv" }, { "vulnerability": "VCID-p5ay-27ca-8ydh" }, { "vulnerability": "VCID-zaze-en93-tker" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.4.10" } ], "aliases": [ "CVE-2025-49143", "GHSA-rh67-4c8j-hjjh" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7hyy-vgqn-hkfy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67722?format=api", "vulnerability_id": "VCID-fmdc-184u-9ya3", "summary": "Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot's Webhook data model and associated feature set could be configured by users with sufficient access to perform requests to various hosts and IP addresses that should not be permitted, allowing for various behaviors similar to server-side request forgery (SSRF). This vulnerability is fixed in 2.4.33 and 3.1.2.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44797", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11492", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.1156", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11569", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44797" }, { "reference_url": "https://github.com/nautobot/nautobot", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/nautobot/nautobot" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44797", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44797" }, { "reference_url": "https://github.com/nautobot/nautobot/commit/16aa4aa9796ab7a31c4d615ec945e1f16d8c77c4", "reference_id": "16aa4aa9796ab7a31c4d615ec945e1f16d8c77c4", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T15:29:49Z/" } ], "url": "https://github.com/nautobot/nautobot/commit/16aa4aa9796ab7a31c4d615ec945e1f16d8c77c4" }, { "reference_url": "https://github.com/nautobot/nautobot/commit/7324c8f0d8c7245fbc691e15d729adc2d2707d08", "reference_id": "7324c8f0d8c7245fbc691e15d729adc2d2707d08", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T15:29:49Z/" } ], "url": "https://github.com/nautobot/nautobot/commit/7324c8f0d8c7245fbc691e15d729adc2d2707d08" }, { "reference_url": "https://github.com/advisories/GHSA-c35q-vxrp-ph26", "reference_id": "GHSA-c35q-vxrp-ph26", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c35q-vxrp-ph26" }, { "reference_url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-c35q-vxrp-ph26", "reference_id": "GHSA-c35q-vxrp-ph26", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T15:29:49Z/" } ], "url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-c35q-vxrp-ph26" }, { "reference_url": "https://github.com/nautobot/nautobot/releases/tag/v2.4.33", "reference_id": "v2.4.33", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T15:29:49Z/" } ], "url": "https://github.com/nautobot/nautobot/releases/tag/v2.4.33" }, { "reference_url": "https://github.com/nautobot/nautobot/releases/tag/v3.1.2", "reference_id": "v3.1.2", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T15:29:49Z/" } ], "url": "https://github.com/nautobot/nautobot/releases/tag/v3.1.2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/375888?format=api", "purl": "pkg:pypi/nautobot@2.4.33", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.4.33" }, { "url": "http://public2.vulnerablecode.io/api/packages/375887?format=api", "purl": "pkg:pypi/nautobot@3.1.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@3.1.2" } ], "aliases": [ "CVE-2026-44797", "GHSA-c35q-vxrp-ph26" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fmdc-184u-9ya3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97951?format=api", "vulnerability_id": "VCID-jcyt-t5f3-4khn", "summary": "Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions prior to 2.4.10 or prior to 1.6.32 are potentially affected. Due to insufficient security configuration of the Jinja2 templating feature used in computed fields, custom links, etc. in Nautobot, a malicious user could configure this feature set in ways that could expose the value of Secrets defined in Nautobot when the templated content is rendered or that could call Python APIs to modify data within Nautobot when the templated content is rendered, bypassing the object permissions assigned to the viewing user. Nautobot versions 1.6.32 and 2.4.10 will include fixes for the vulnerability. The vulnerability can be partially mitigated by configuring object permissions appropriately to limit certain actions to only trusted users.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49142", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39611", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39586", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39416", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49142" }, { "reference_url": "https://github.com/nautobot/nautobot", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/nautobot/nautobot" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/jinja2/PYSEC-2025-74.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/jinja2/PYSEC-2025-74.yaml" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/nautobot/PYSEC-2025-79.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/nautobot/PYSEC-2025-79.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49142", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49142" }, { "reference_url": "https://github.com/nautobot/nautobot/pull/7417", "reference_id": "7417", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N" }, { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:L" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T17:10:17Z/" } ], "url": "https://github.com/nautobot/nautobot/pull/7417" }, { "reference_url": "https://github.com/nautobot/nautobot/pull/7429", "reference_id": "7429", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N" }, { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:L" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T17:10:17Z/" } ], "url": "https://github.com/nautobot/nautobot/pull/7429" }, { "reference_url": "https://docs.djangoproject.com/en/4.2/ref/templates/api/#alters-data-description", "reference_id": "#alters-data-description", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N" }, { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:L" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T17:10:17Z/" } ], "url": "https://docs.djangoproject.com/en/4.2/ref/templates/api/#alters-data-description" }, { "reference_url": "https://github.com/advisories/GHSA-wjw6-95h5-4jpx", "reference_id": "GHSA-wjw6-95h5-4jpx", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-wjw6-95h5-4jpx" }, { "reference_url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-wjw6-95h5-4jpx", "reference_id": "GHSA-wjw6-95h5-4jpx", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N" }, { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:L" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T17:10:17Z/" } ], "url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-wjw6-95h5-4jpx" }, { "reference_url": "https://jinja.palletsprojects.com/en/stable/sandbox", "reference_id": "sandbox", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N" }, { "value": "6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:L" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T17:10:17Z/" } ], "url": "https://jinja.palletsprojects.com/en/stable/sandbox" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/87782?format=api", "purl": "pkg:pypi/nautobot@2.4.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fmdc-184u-9ya3" }, { "vulnerability": "VCID-kzek-vx11-p3db" }, { "vulnerability": "VCID-n6my-hv54-7kfv" }, { "vulnerability": "VCID-p5ay-27ca-8ydh" }, { "vulnerability": "VCID-zaze-en93-tker" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.4.10" } ], "aliases": [ "CVE-2025-49142", "GHSA-wjw6-95h5-4jpx", "PYSEC-2025-74", "PYSEC-2025-79" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jcyt-t5f3-4khn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67599?format=api", "vulnerability_id": "VCID-kzek-vx11-p3db", "summary": "Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, in the case of inter-object references via GenericForeignKey (a pattern allowing an object to reference another object that may belong to one of several different \"content types\" or database tables), when creating or updating an object containing a GenericForeignKey, Nautobot's REST API failed to enforce user \"view\" permissions when determining whether a given reference to another object would be valid. This vulnerability is fixed in 2.4.33 and 3.1.2.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44794", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06911", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06901", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06886", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44794" }, { "reference_url": "https://github.com/nautobot/nautobot", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/nautobot/nautobot" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44794", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44794" }, { "reference_url": "https://github.com/nautobot/nautobot/commit/36cde7148a207234de6212ec074f321dbc9d1b5b", "reference_id": "36cde7148a207234de6212ec074f321dbc9d1b5b", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-30T02:02:38Z/" } ], "url": "https://github.com/nautobot/nautobot/commit/36cde7148a207234de6212ec074f321dbc9d1b5b" }, { "reference_url": "https://github.com/nautobot/nautobot/commit/9918bdb9bcf1eb42cda72c344f420a64ef7665f1", "reference_id": "9918bdb9bcf1eb42cda72c344f420a64ef7665f1", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-30T02:02:38Z/" } ], "url": "https://github.com/nautobot/nautobot/commit/9918bdb9bcf1eb42cda72c344f420a64ef7665f1" }, { "reference_url": "https://github.com/advisories/GHSA-wpxj-44w3-2j6x", "reference_id": "GHSA-wpxj-44w3-2j6x", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wpxj-44w3-2j6x" }, { "reference_url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-wpxj-44w3-2j6x", "reference_id": "GHSA-wpxj-44w3-2j6x", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-30T02:02:38Z/" } ], "url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-wpxj-44w3-2j6x" }, { "reference_url": "https://github.com/nautobot/nautobot/releases/tag/v2.4.33", "reference_id": "v2.4.33", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-30T02:02:38Z/" } ], "url": "https://github.com/nautobot/nautobot/releases/tag/v2.4.33" }, { "reference_url": "https://github.com/nautobot/nautobot/releases/tag/v3.1.2", "reference_id": "v3.1.2", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-30T02:02:38Z/" } ], "url": "https://github.com/nautobot/nautobot/releases/tag/v3.1.2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/375888?format=api", "purl": "pkg:pypi/nautobot@2.4.33", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.4.33" }, { "url": "http://public2.vulnerablecode.io/api/packages/375887?format=api", "purl": "pkg:pypi/nautobot@3.1.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@3.1.2" } ], "aliases": [ "CVE-2026-44794", "GHSA-wpxj-44w3-2j6x" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kzek-vx11-p3db" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67710?format=api", "vulnerability_id": "VCID-n6my-hv54-7kfv", "summary": "Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, a user with access to add/change a GitRepository record could use the REST API to directly set the current_head field on the record, which was not intended to be user-editable. Doing so could cause Nautobot's local clone(s) of the relevant repository to checkout a commit other than the latest commit on the specified branch (resulting in misleading state), or potentially to be unable to make use of the repository at all (until manually remediated) due to the current_head pointing to a nonexistent commit hash or malformed value. This vulnerability is fixed in 2.4.33 and 3.1.2.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44798", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.1805", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.18066", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00056", "scoring_system": "epss", "scoring_elements": "0.17891", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44798" }, { "reference_url": "https://github.com/nautobot/nautobot", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/nautobot/nautobot" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44798", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44798" }, { "reference_url": "https://github.com/nautobot/nautobot/commit/9deddfc91ad9260ad17b5e20084e9e2d15be3609", "reference_id": "9deddfc91ad9260ad17b5e20084e9e2d15be3609", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T19:01:54Z/" } ], "url": "https://github.com/nautobot/nautobot/commit/9deddfc91ad9260ad17b5e20084e9e2d15be3609" }, { "reference_url": "https://github.com/nautobot/nautobot/commit/c46f97040b2bde4320be36b23577f19a8bcbd8c3", "reference_id": "c46f97040b2bde4320be36b23577f19a8bcbd8c3", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T19:01:54Z/" } ], "url": "https://github.com/nautobot/nautobot/commit/c46f97040b2bde4320be36b23577f19a8bcbd8c3" }, { "reference_url": "https://github.com/advisories/GHSA-p3hx-pwf3-j8wr", "reference_id": "GHSA-p3hx-pwf3-j8wr", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p3hx-pwf3-j8wr" }, { "reference_url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-p3hx-pwf3-j8wr", "reference_id": "GHSA-p3hx-pwf3-j8wr", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T19:01:54Z/" } ], "url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-p3hx-pwf3-j8wr" }, { "reference_url": "https://github.com/nautobot/nautobot/releases/tag/v2.4.33", "reference_id": "v2.4.33", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T19:01:54Z/" } ], "url": "https://github.com/nautobot/nautobot/releases/tag/v2.4.33" }, { "reference_url": "https://github.com/nautobot/nautobot/releases/tag/v3.1.2", "reference_id": "v3.1.2", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T19:01:54Z/" } ], "url": "https://github.com/nautobot/nautobot/releases/tag/v3.1.2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/375888?format=api", "purl": "pkg:pypi/nautobot@2.4.33", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.4.33" }, { "url": "http://public2.vulnerablecode.io/api/packages/375887?format=api", "purl": "pkg:pypi/nautobot@3.1.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@3.1.2" } ], "aliases": [ "CVE-2026-44798", "GHSA-p3hx-pwf3-j8wr" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n6my-hv54-7kfv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67914?format=api", "vulnerability_id": "VCID-p5ay-27ca-8ydh", "summary": "Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot UI object-bulk-rename endpoints (for example, /dcim/interfaces/rename/) were vulnerable to application-wide denial of service via maliciously crafted regular expressions in the find field in combination with the use_regex flag. This vulnerability is fixed in 2.4.33 and 3.1.2.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44796", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.15358", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.15501", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.15494", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44796" }, { "reference_url": "https://github.com/nautobot/nautobot", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/nautobot/nautobot" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44796", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44796" }, { "reference_url": "https://github.com/nautobot/nautobot/commit/5a30d0916953afbeedd24a784709e762cc3879cd", "reference_id": "5a30d0916953afbeedd24a784709e762cc3879cd", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-30T02:01:49Z/" } ], "url": "https://github.com/nautobot/nautobot/commit/5a30d0916953afbeedd24a784709e762cc3879cd" }, { "reference_url": "https://github.com/nautobot/nautobot/commit/c2b766966d814a7141f62c7bc90c85fefb7892ee", "reference_id": "c2b766966d814a7141f62c7bc90c85fefb7892ee", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-30T02:01:49Z/" } ], "url": "https://github.com/nautobot/nautobot/commit/c2b766966d814a7141f62c7bc90c85fefb7892ee" }, { "reference_url": "https://github.com/advisories/GHSA-qrpw-gjvh-x5gm", "reference_id": "GHSA-qrpw-gjvh-x5gm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qrpw-gjvh-x5gm" }, { "reference_url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-qrpw-gjvh-x5gm", "reference_id": "GHSA-qrpw-gjvh-x5gm", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-30T02:01:49Z/" } ], "url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-qrpw-gjvh-x5gm" }, { "reference_url": "https://github.com/nautobot/nautobot/releases/tag/v2.4.33", "reference_id": "v2.4.33", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-30T02:01:49Z/" } ], "url": "https://github.com/nautobot/nautobot/releases/tag/v2.4.33" }, { "reference_url": "https://github.com/nautobot/nautobot/releases/tag/v3.1.2", "reference_id": "v3.1.2", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-30T02:01:49Z/" } ], "url": "https://github.com/nautobot/nautobot/releases/tag/v3.1.2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/375888?format=api", "purl": "pkg:pypi/nautobot@2.4.33", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.4.33" }, { "url": "http://public2.vulnerablecode.io/api/packages/375887?format=api", "purl": "pkg:pypi/nautobot@3.1.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@3.1.2" } ], "aliases": [ "CVE-2026-44796", "GHSA-qrpw-gjvh-x5gm" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p5ay-27ca-8ydh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75121?format=api", "vulnerability_id": "VCID-zaze-en93-tker", "summary": "Nautobot is a Network Source of Truth and Network Automation Platform. Prior to versions 2.4.30 and 3.0.10, user creation and editing via the REST API fails to apply the password validation rules defined by Django's AUTH_PASSWORD_VALIDATORS setting (which defaults to an empty list, i.e., no specific rules, but can be configured in Nautobot's nautobot_config.py to apply various rules if desired). This can potentially allow for the creation or modification of users to have passwords that are weak or otherwise do not comply with configured standards. This issue has been patched in versions 2.4.30 and 3.0.10.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34203", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02251", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.0225", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02255", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34203" }, { "reference_url": "https://github.com/nautobot/nautobot", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/nautobot/nautobot" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34203", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34203" }, { "reference_url": "https://github.com/nautobot/nautobot/commit/589f7caf54124ad76bc9fcbb7bdcaa25627cd598", "reference_id": "589f7caf54124ad76bc9fcbb7bdcaa25627cd598", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T20:29:54Z/" } ], "url": "https://github.com/nautobot/nautobot/commit/589f7caf54124ad76bc9fcbb7bdcaa25627cd598" }, { "reference_url": "https://github.com/nautobot/nautobot/pull/8778", "reference_id": "8778", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T20:29:54Z/" } ], "url": "https://github.com/nautobot/nautobot/pull/8778" }, { "reference_url": "https://github.com/nautobot/nautobot/pull/8779", "reference_id": "8779", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T20:29:54Z/" } ], "url": "https://github.com/nautobot/nautobot/pull/8779" }, { "reference_url": "https://github.com/nautobot/nautobot/commit/d1ef3135aa02fa07de061e8c085f8cce425fe8c9", "reference_id": "d1ef3135aa02fa07de061e8c085f8cce425fe8c9", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T20:29:54Z/" } ], "url": "https://github.com/nautobot/nautobot/commit/d1ef3135aa02fa07de061e8c085f8cce425fe8c9" }, { "reference_url": "https://github.com/advisories/GHSA-xmpv-j7p2-j873", "reference_id": "GHSA-xmpv-j7p2-j873", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xmpv-j7p2-j873" }, { "reference_url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-xmpv-j7p2-j873", "reference_id": "GHSA-xmpv-j7p2-j873", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T20:29:54Z/" } ], "url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-xmpv-j7p2-j873" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/375128?format=api", "purl": "pkg:pypi/nautobot@2.4.30", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fmdc-184u-9ya3" }, { "vulnerability": "VCID-kzek-vx11-p3db" }, { "vulnerability": "VCID-n6my-hv54-7kfv" }, { "vulnerability": "VCID-p5ay-27ca-8ydh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.4.30" }, { "url": "http://public2.vulnerablecode.io/api/packages/986228?format=api", "purl": "pkg:pypi/nautobot@3.0.0a2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fmdc-184u-9ya3" }, { "vulnerability": "VCID-kzek-vx11-p3db" }, { "vulnerability": "VCID-n6my-hv54-7kfv" }, { "vulnerability": "VCID-p5ay-27ca-8ydh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@3.0.0a2" }, { "url": "http://public2.vulnerablecode.io/api/packages/375129?format=api", "purl": "pkg:pypi/nautobot@3.0.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fmdc-184u-9ya3" }, { "vulnerability": "VCID-kzek-vx11-p3db" }, { "vulnerability": "VCID-n6my-hv54-7kfv" }, { "vulnerability": "VCID-p5ay-27ca-8ydh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@3.0.10" } ], "aliases": [ "CVE-2026-34203", "GHSA-xmpv-j7p2-j873" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zaze-en93-tker" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.4.4" }