CVE-2026-34444 - Vulnerability Analysis
N/aLast Updated: April 6, 2026
Lupa - Broken Access Control
Published: April 6, 2026Updated: April 6, 2026PoC Available
Overview
Lupa <= 2.6 contains a broken access control vulnerability caused by inconsistent application of attribute_filter in built-in functions getattr and setattr, letting attackers bypass restrictions and achieve arbitrary code execution.
Severity & Score
Severity: N/a
Impact
Attackers can bypass attribute restrictions and execute arbitrary code, potentially compromising the entire system.
Mitigation
Update to a version later than 2.6 or the latest available version.
Related Resources
Details
- CVE ID
- CVE-2026-34444
- Severity
- N/a
- Type
- broken_access_control
- Status
- new
CWE
- CWE-284
CVSS Metrics
N/A