๐Ÿ” CVE Alert

CVE-2026-16212

MEDIUM 4.2

awesto django-shop Purchase Stock inventory.py race condition

CVSS Score
4.2
EPSS Score
0.0%
EPSS Percentile
0th

A vulnerability was identified in awesto django-shop up to 1.2.4. Affected is an unknown function of the file shop/models/inventory.py of the component Purchase Stock Handler. The manipulation leads to race condition. The attack is possible to be carried out remotely. The attack is considered to have high complexity. The exploitability is told to be difficult. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.

CWE CWE-362
Vendor awesto
Product django-shop
Published Jul 19, 2026
Stay Ahead of the Next One

Get instant alerts for awesto django-shop

Be the first to know when new medium vulnerabilities affecting awesto django-shop are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability

Affected Versions

awesto / django-shop
1.2.0 1.2.1 1.2.2 1.2.3 1.2.4

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
vuldb.com: https://vuldb.com/vuln/380028 vuldb.com: https://vuldb.com/vuln/380028/cti vuldb.com: https://vuldb.com/cve/CVE-2026-16212 vuldb.com: https://vuldb.com/submit/857939 github.com: https://github.com/awesto/django-shop/issues/888 github.com: https://github.com/awesto/django-shop/

Credits

๐Ÿ” GalaxynC (VulDB User) VulDB CNA Team