Description
Unicorn adds modern reactive component functionality to your Django templates. Prior to 0.67.0, component state manipulation is possible in django-unicorn due to missing access control checks during property updates and method calls. An attacker can bypass the intended _is_public protection to modify internal attributes such as template_name or trigger protected methods. This vulnerability is fixed in 0.67.0.
INFO
Published Date: 2026-03-10T21:07:08.198Z
Last Modified: 2026-03-11T14:18:26.595Z
Source: GitHub_M
AFFECTED PRODUCTS
The following products are affected by the CVE-2026-31815 vulnerability.
| Vendors | Products |
|---|---|
| Django-commons | Django-unicorn |