Django Missing Authorization Vulnerability - CVE-2026-4277

An issue was discovered in 6.0 before 6.0.4 5.2 before 5.2.13 and 4.2 before 4.2.30. Add permissions on inline model instances were not validated on submission of forged POST data in GenericInlineModelAdmin. Earlier unsupported Django series (such as 5.0.x 4.1.x and 3.2.x) were not evaluated and may also be affected. Django would like to thank N05ecLZU-DSLab for reporting this issue.