CVE-2026-6578 | liangliangyy DjangoBlog up to 2.1.0.0 Setting djangoblog/settings.py SECRET_KEY hard-coded credentials

A vulnerability categorized as critical has been discovered in liangliangyy DjangoBlog up to 2.1.0.0. This affects an unknown function of the file djangoblog/settings.py of the component Setting Handler. The manipulation of the argument SECRET_KEY results in hard-coded credentials.

This vulnerability is reported as CVE-2026-6578. The attack can be launched remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More