Acknowledged
Created: Apr 9, 2026
Updated: Apr 20, 2026
Found In Version: 10.23.30.2
Severity: Standard
Applicable for: Wind River Linux LTS 23
Component/s: Userspace
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30.
Admin changelist forms using `ModelAdmin.list_editable` incorrectly allowed new
instances to be created via forged `POST` data.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Cantina for reporting this issue.
