CVE-2026-6907 in Django

Information

Summary

by MITRE • 05.05.2026

An issue was discovered in Django 6.0 before 6.0.5 and 5.2 before 5.2.14. `django.middleware.cache.UpdateCacheMiddleware` erroneously caches requests where the `Vary` header contained an asterisk (`'*'`). This can lead to private data being stored and served. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Ahmad Sadeddin for reporting this issue.

Responsible

DSF

Reserved

23.04.2026

Disclosure

05.05.2026

Moderation

accepted

Entry

VDB-361218

EPSS

0.00033

KEV

No

Activities

Very low
