IM
IronMonkey Threat Research

CVE-2026-16214 MEDIUM

Published: 2026-07-19 | Last Modified: 2026-07-19 | Status: Received

Description

A vulnerability was identified in geex-arts django-jet up to 1.0.8. This affects an unknown function of the file jet/dashboard/views.py of the component Dashboard Module. Such manipulation leads to authorization bypass. The attack can be executed remotely. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.

CVSS Metrics

Base Score: 6.3 (MEDIUM)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Attack VectorNETWORK
Attack ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
ScopeUNCHANGED
Confidentiality ImpactLOW
Integrity ImpactLOW
Availability ImpactLOW

Source: [email protected]

Type: Primary

Exploitability Score: 2.8

Impact Score: 3.4

Base Score: 6.5 (MEDIUM)

AV:N/AC:L/Au:S/C:P/I:P/A:P

Access VectorNETWORK
Access ComplexityLOW
AuthenticationSINGLE
Confidentiality ImpactPARTIAL
Integrity ImpactPARTIAL
Availability ImpactPARTIAL

Source: [email protected]

Type: Secondary

Exploitability Score: 8.0

Impact Score: 6.4

Base Score: 2.1 (LOW)

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack VectorNETWORK
Attack ComplexityLOW
Attack RequirementsNONE
Privileges RequiredLOW
User InteractionNONE
Vulnerability ConfidentialityLOW
Vulnerability IntegrityLOW
Vulnerability AvailabilityLOW
Subsequent ConfidentialityNONE
Subsequent IntegrityNONE
Subsequent AvailabilityNONE

Source: [email protected]

Type: Secondary

Weaknesses

Source Type Description
[email protected] Primary
en CWE-285
en CWE-639
Notification
Message here