๐Ÿ” CVE Alert

CVE-2026-16209

HIGH 7.3

Gerapy Project Upload Endpoint views.py missing authentication

CVSS Score
7.3
EPSS Score
0.0%
EPSS Percentile
0th

A vulnerability has been found in Gerapy up to 0.9.13. The impacted element is an unknown function of the file gerapy/server/core/views.py of the component Project Upload Endpoint. Such manipulation leads to missing authentication. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is bd4891c60315f17611a3b7a651ffe0fba7cfe71e. Applying a patch is advised to resolve this issue.

CWE CWE-306 CWE-287
Vendor n/a
Product gerapy
Published Jul 19, 2026
Stay Ahead of the Next One

Get instant alerts for n/a gerapy

Be the first to know when new high vulnerabilities affecting n/a gerapy are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability

Affected Versions

n/a / Gerapy
0.9.0 0.9.1 0.9.2 0.9.3 0.9.4 0.9.5 0.9.6 0.9.7 0.9.8 0.9.9 0.9.10 0.9.11 0.9.12 0.9.13

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
vuldb.com: https://vuldb.com/vuln/380025 vuldb.com: https://vuldb.com/vuln/380025/cti vuldb.com: https://vuldb.com/cve/CVE-2026-16209 vuldb.com: https://vuldb.com/submit/857926 github.com: https://github.com/Gerapy/Gerapy/issues/317 github.com: https://github.com/Gerapy/Gerapy/pull/319 github.com: https://github.com/Gerapy/Gerapy/commit/bd4891c60315f17611a3b7a651ffe0fba7cfe71e github.com: https://github.com/Gerapy/Gerapy/

Credits

๐Ÿ” Galaxyn (VulDB User)