CVE-2026-16212
awesto django-shop Purchase Stock inventory.py race condition
CVSS Score
4.2
EPSS Score
0.0%
EPSS Percentile
0th
A vulnerability was identified in awesto django-shop up to 1.2.4. Affected is an unknown function of the file shop/models/inventory.py of the component Purchase Stock Handler. The manipulation leads to race condition. The attack is possible to be carried out remotely. The attack is considered to have high complexity. The exploitability is told to be difficult. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.
| CWE | CWE-362 |
| Vendor | awesto |
| Product | django-shop |
| Published | Jul 19, 2026 |
Stay Ahead of the Next One
Get instant alerts for awesto django-shop
Be the first to know when new medium vulnerabilities affecting awesto django-shop are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
awesto / django-shop
1.2.0 1.2.1 1.2.2 1.2.3 1.2.4
References
Credits
๐ GalaxynC (VulDB User) VulDB CNA Team