CVE-2026-6580
HIGHliangliangyy DjangoBlog Amap API Call views.py hard-coded key
Title source: cnaDescription
A security vulnerability has been detected in liangliangyy DjangoBlog up to 2.1.0.0. Affected is an unknown function of the file owntracks/views.py of the component Amap API Call Handler. Such manipulation of the argument key leads to use of hard-coded cryptographic key . The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References (4)
Scores
CVSS v3
7.3
EPSS
0.0004
EPSS Percentile
11.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Details
CWE
CWE-320
CWE-321
Status
published
Products (1)
liangliangyy/DjangoBlog
2.1.0
Published
Apr 19, 2026
Tracked Since
Apr 20, 2026