Medium severity6.6NVD Advisory· Published Sep 23, 2024· Updated Apr 15, 2026

CVE-2024-40441

Description

An issue in Doccano Open source annotation tools for machine learning practitioners v.1.8.4 and Doccano Auto Labeling Pipeline module to annotate a document automatically v.0.1.23 allows a remote attacker to escalate privileges via the model_attribs parameter.

Patches

f350ccee7184

https://github.com/doccano/auto-labeling-pipelinevia osv

f935fd162ba4

https://github.com/doccano/doccanovia osv

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/doccano/auto-labeling-pipeline/releases/tag/v0.1.23nvd
github.com/doccano/doccano/releases/tag/v1.8.4nvd
github.com/gian2dchris/CVEs/tree/main/CVE-2024-40441nvd

News mentions

No linked articles in our index yet.

cvss	0.429
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000