CVE-2026-6907 in Django

Information

Summary

By MITRE • 05/05/2026

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. `django.middleware.cache.UpdateCacheMiddleware` erroneously caches requests where the `Vary` header contained an asterisk (`'*'`). This can lead to private data being stored and served. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Ahmad Sadeddin for reporting this issue.
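The failure mode described above, as an added example that is not Django's code: a toy shared cache that builds its key from the request headers named in `Vary`, run once storing a `Vary: *` response and once skipping it. `ToyCache`, `vary_fields`, `second_user_sees` and the sample requests are hypothetical and constructed for illustration.

```python
# Added illustration: a toy shared cache, not Django's implementation.
def vary_fields(response_headers):
    """Collect lower-cased field names from every Vary header line."""
    fields = []
    for name, value in response_headers:
        if name.lower() == "vary":
            fields += [f.strip().lower() for f in value.split(",") if f.strip()]
    return fields


class ToyCache:
    def __init__(self, skip_vary_star):
        self.skip_vary_star = skip_vary_star  # True = hardened behaviour
        self.vary_by_path = {}  # path -> header names learned from a response
        self.bodies = {}        # cache key -> stored body

    def _key(self, path, request_headers):
        names = self.vary_by_path.get(path)
        if names is None:
            return None
        # "*" never names a real request header, so it contributes the same
        # empty value for every client and the key stops separating users.
        return (path, tuple(request_headers.get(n, "") for n in names))

    def get(self, path, request_headers):
        key = self._key(path, request_headers)
        return None if key is None else self.bodies.get(key)

    def update(self, path, request_headers, response_headers, body):
        names = vary_fields(response_headers)
        if self.skip_vary_star and "*" in names:
            return False  # Vary: * means no stored copy can be reused
        self.vary_by_path[path] = names
        self.bodies[self._key(path, request_headers)] = body
        return True


def second_user_sees(cache):
    """Constructed scenario: two sessions request the same private URL."""
    alice = {"cookie": "session=alice"}
    bob = {"cookie": "session=bob"}
    headers = [("Vary", "Accept-Encoding"), ("vary", " * ")]  # constructed
    if cache.get("/account", alice) is None:
        cache.update("/account", alice, headers, "alice's account page")
    return cache.get("/account", bob)


if __name__ == "__main__":
    print("caches Vary: * ->", second_user_sees(ToyCache(skip_vary_star=False)))
    print("skips Vary: *  ->", second_user_sees(ToyCache(skip_vary_star=True)))
```
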


Responsible

DSF

Reserved

23/04/2026

Disclosure

05/05/2026

Moderation

Accepted

EPSS

0.00033

KEV

No

Activities

Very low

Sources
