nautobot — Vulnerabilities & Security Advisories 13

All 13 CVE vulnerabilities found in nautobot, with AI-generated Chinese analysis, references, and POCs.

Vendor: nautobot

CVE ID	Title	CVSS	Severity	Published
CVE-2026-34203	Nautobot: Management of users via REST API does not apply configured password validators CWE-521	2.7	Low	2026-03-31
CVE-2025-49143	Nautobot may allows uploaded media files to be accessible without authentication CWE-200	7.5^AI	High^AI	2025-06-10
CVE-2025-49142	Nautobot vulnerable to secrets exposure and data manipulation through Jinja2 templating CWE-1336	8.1^AI	High^AI	2025-06-10
CVE-2024-36112	Nautobot dynamic-group-members doesn't enforce permission restrictions on member objects CWE-280	6.3	Medium	2024-05-28
CVE-2024-34707	Nautobot's BANNER_* configuration can be used to inject arbitrary HTML content into Nautobot pages CWE-79	7.5	High	2024-05-13
CVE-2024-32979	Reflected Cross-site Scripting potential in all object list views in Nautobot CWE-79	7.5	High	2024-05-01
CVE-2024-29199	Unauthenticated views may expose information to anonymous users CWE-200	3.7	Low	2024-03-26
CVE-2024-23345	Nautobot has XSS potential in rendered Markdown fields CWE-79	7.1	High	2024-01-22
CVE-2023-51649	Nautobot missing object-level permissions enforcement when running Job Buttons CWE-863	3.5	Low	2023-12-22
CVE-2023-50263	Nautobot allows unauthenticated db-file-storage views CWE-200	3.7	Low	2023-12-12
CVE-2023-48705	nautobot has XSS potential in custom links, job buttons, and computed fields CWE-79	7.1	High	2023-11-22
CVE-2023-46128	Exposure of hashed user passwords via REST API in Nautobot CWE-200	6.5	Medium	2023-10-24
CVE-2023-25657	Remote code execution in Jinja2 template rendering in Nautobot CWE-94	7.5	High	2023-02-21

All 13 known CVE vulnerabilities affecting nautobot with full Chinese analysis, references, and POCs where available.