Vulnerability DatabaseCVE-2026-31815
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2026-31815
March 10, 2026
Unicorn adds modern reactive component functionality to your Django templates. Prior to 0.67.0, component state manipulation is possible in django-unicorn due to missing access control checks during property updates and method calls. An attacker can bypass the intended _is_public protection to modify internal attributes such as template_name or trigger protected methods. This vulnerability is fixed in 0.67.0.
Affected Packages
django-unicorn (PYTHON):
Affected version(s) >=0.1.0 <0.67.0
Fix Suggestion:
Update to version 0.67.0
Related Resources (3)
https://github.com/django-commons/django-unicorn/security/advisories/GHSA-ffv6-jj46-x367
https://nvd.nist.gov/vuln/detail/CVE-2026-31815
https://github.com/django-commons/django-unicorn
Do you need more information?
Contact Us
CVSS v4
Base Score:
6.9
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
LOW
Vulnerable System Integrity
NONE
Vulnerable System Availability
NONE
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
NONE
Availability
NONE
Weakness Type (CWE)
Improper Access Control
CWE-284
Improperly Controlled Modification of Dynamically-Determined Object Attributes
CWE-915
EPSS
Base Score:
0.07