IM
IronMonkey Threat Research

CVE-2026-16213 MEDIUM

Published: 2026-07-19 | Last Modified: 2026-07-19 | Status: Received

Description

A security flaw has been discovered in Fantomas42 django-blog-zinnia up to 0.20. Affected by this vulnerability is an unknown functionality of the file zinnia/views/mixins/entry_protection.py of the component Protected Entry Password Handler. The manipulation results in cleartext storage of sensitive information. The attack needs to be approached locally. The project was informed of the problem early through an issue report but has not responded yet.

CVSS Metrics

Base Score: 3.3 (LOW)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Attack VectorLOCAL
Attack ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
ScopeUNCHANGED
Confidentiality ImpactLOW
Integrity ImpactNONE
Availability ImpactNONE

Source: [email protected]

Type: Primary

Exploitability Score: 1.8

Impact Score: 1.4

Base Score: 1.7 (LOW)

AV:L/AC:L/Au:S/C:P/I:N/A:N

Access VectorLOCAL
Access ComplexityLOW
AuthenticationSINGLE
Confidentiality ImpactPARTIAL
Integrity ImpactNONE
Availability ImpactNONE

Source: [email protected]

Type: Secondary

Exploitability Score: 3.1

Impact Score: 2.9

Base Score: 4.8 (MEDIUM)

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack VectorLOCAL
Attack ComplexityLOW
Attack RequirementsNONE
Privileges RequiredLOW
User InteractionNONE
Vulnerability ConfidentialityLOW
Vulnerability IntegrityNONE
Vulnerability AvailabilityNONE
Subsequent ConfidentialityNONE
Subsequent IntegrityNONE
Subsequent AvailabilityNONE

Source: [email protected]

Type: Secondary

Weaknesses

Source Type Description
[email protected] Primary
en CWE-310
en CWE-312
Notification
Message here