CVE-2026-48587 in Django: Information

Summary

By MITRE • 03/06/2026

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. `django.utils.cache.has_vary_header()` in Django does not strip leading or trailing whitespace from `Vary` response header values before comparison, which allows remote attackers to read cached responses via requests to URLs whose responses contain whitespace-padded Vary header values. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Navid Rezazadeh for reporting this issue.

Responsible

DSF

Reserved

21/05/2026

Disclosed

03/06/2026

Moderation

accepted

EPSS

0.00000

KEV

no

Activities

low

Sources
