RHSA-2026:6291

Vulnerability from csaf_redhat - Published: 2026-03-31 16:56 - Updated: 2026-03-31 22:32
Summary
Red Hat Security Advisory: General availability of the satellite/iop-advisor-backend-rhel9 container image
Severity
Important
Notes
Topic: A new satellite/iop-advisor-backend-rhel9 container image is now generally available in the Red Hat container registry.
Details: Red Hat Lightspeed in Satellite analyzes system health and configuration by applying predefined rules to a small set of local data, such as installed packages, running services, and configuration settings. When you install Red Hat Lightspeed in Satellite locally, you can generate Red Hat Lightspeed recommendations without sending system data to Red Hat services.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2025-14550: A flaw was found in Django. A remote attacker can exploit this vulnerability by sending a crafted request containing multiple duplicate headers to the ASGIRequest component. This can lead to a potential Denial of Service (DoS), making the affected system unavailable to legitimate users.

CWE-167 - Improper Handling of Additional Special Element
Vendor Fix: For Red Hat Lightspeed in Satellite installation, see the Red Hat Satellite documentation. https://access.redhat.com/errata/RHSA-2026:6291
Workaround: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

CVE-2026-1207: A flaw was found in Django. A remote attacker could inject SQL commands by manipulating the band index parameter during raster lookups on `RasterField` (only implemented on PostGIS). This SQL injection vulnerability could lead to unauthorized information disclosure, data alteration, or denial of service.

CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Vendor Fix: For Red Hat Lightspeed in Satellite installation, see the Red Hat Satellite documentation. https://access.redhat.com/errata/RHSA-2026:6291
Workaround: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

CVE-2026-1285: A flaw was found in Django. A remote attacker can exploit this vulnerability by providing crafted inputs containing a large number of unmatched HTML end tags to the `django.utils.text.Truncator.chars()` and `Truncator.words()` methods (when `html=True`), or through the `truncatechars_html` and `truncatewords_html` template filters. This can lead to a denial-of-service (DoS) condition, making the application unavailable to legitimate users.

CWE-770 - Allocation of Resources Without Limits or Throttling
Vendor Fix: For Red Hat Lightspeed in Satellite installation, see the Red Hat Satellite documentation. https://access.redhat.com/errata/RHSA-2026:6291
Workaround: To mitigate this issue, applications utilizing Django should avoid processing untrusted HTML content through the `django.utils.text.Truncator.chars()` and `Truncator.words()` methods with `html=True`, or the `truncatechars_html` and `truncatewords_html` template filters. Restrict the use of these functions to only trusted inputs where the HTML structure is controlled and validated.

CVE-2026-1287: A flaw was found in Django. This vulnerability allows a remote attacker to perform SQL injection by using specially crafted control characters within column aliases. When these crafted aliases are passed through dictionary expansion to `QuerySet` methods like `annotate()` or `values()`, it can lead to the execution of arbitrary SQL commands. This could result in unauthorized access to sensitive data or modification of information within the database.

CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Vendor Fix: For Red Hat Lightspeed in Satellite installation, see the Red Hat Satellite documentation. https://access.redhat.com/errata/RHSA-2026:6291
Workaround: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

CVE-2026-1312: A flaw was found in Django. A remote attacker could exploit a SQL injection vulnerability in the `QuerySet.order_by()` method. This occurs when column aliases containing periods are used, and the same alias is also present in `FilteredRelation` via a specially crafted dictionary. Successful exploitation could lead to unauthorized information disclosure or arbitrary code execution within the database.

CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Vendor Fix: For Red Hat Lightspeed in Satellite installation, see the Red Hat Satellite documentation. https://access.redhat.com/errata/RHSA-2026:6291
Workaround: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
References
https://access.redhat.com/errata/RHSA-2026:6291 self
https://access.redhat.com/documentation/en-us/red… external
https://access.redhat.com/security/cve/CVE-2025-14550 external
https://access.redhat.com/security/cve/CVE-2026-1207 external
https://access.redhat.com/security/cve/CVE-2026-1285 external
https://access.redhat.com/security/cve/CVE-2026-1287 external
https://access.redhat.com/security/cve/CVE-2026-1312 external
https://access.redhat.com/security/updates/classi… external
https://catalog.redhat.com/software/containers/search external
https://docs.redhat.com/en/documentation/red_hat_… external
https://docs.redhat.com/en/documentation/red_hat_… external
https://security.access.redhat.com/data/csaf/v2/a… self
https://access.redhat.com/security/cve/CVE-2025-14550 self
https://bugzilla.redhat.com/show_bug.cgi?id=2436341 external
https://www.cve.org/CVERecord?id=CVE-2025-14550 external
https://nvd.nist.gov/vuln/detail/CVE-2025-14550 external
https://docs.djangoproject.com/en/dev/releases/se… external
https://groups.google.com/g/django-announce external
https://www.djangoproject.com/weblog/2026/feb/03/… external
https://access.redhat.com/security/cve/CVE-2026-1207 self
https://bugzilla.redhat.com/show_bug.cgi?id=2436338 external
https://www.cve.org/CVERecord?id=CVE-2026-1207 external
https://nvd.nist.gov/vuln/detail/CVE-2026-1207 external
https://access.redhat.com/security/cve/CVE-2026-1285 self
https://bugzilla.redhat.com/show_bug.cgi?id=2436340 external
https://www.cve.org/CVERecord?id=CVE-2026-1285 external
https://nvd.nist.gov/vuln/detail/CVE-2026-1285 external
https://access.redhat.com/security/cve/CVE-2026-1287 self
https://bugzilla.redhat.com/show_bug.cgi?id=2436339 external
https://www.cve.org/CVERecord?id=CVE-2026-1287 external
https://nvd.nist.gov/vuln/detail/CVE-2026-1287 external
https://access.redhat.com/security/cve/CVE-2026-1312 self
https://bugzilla.redhat.com/show_bug.cgi?id=2436342 external
https://www.cve.org/CVERecord?id=CVE-2026-1312 external
https://nvd.nist.gov/vuln/detail/CVE-2026-1312 external

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "A new satellite/iop-advisor-backend-rhel9 container image is now generally available in the Red Hat container registry.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat Lightspeed in Satellite analyzes system health and configuration by applying  predefined rules to a small set of local data, such as installed packages,  running services, and configuration settings.  When you install Red Hat Lightspeed in Satellite locally,  you can generate Red Hat Lightspeed recommendations without  sending system data to Red Hat services. ",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:6291",
        "url": "https://access.redhat.com/errata/RHSA-2026:6291"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en-us/red_hat_satellite/6.18/html/updating_red_hat_satellite/index",
        "url": "https://access.redhat.com/documentation/en-us/red_hat_satellite/6.18/html/updating_red_hat_satellite/index"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-14550",
        "url": "https://access.redhat.com/security/cve/CVE-2025-14550"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-1207",
        "url": "https://access.redhat.com/security/cve/CVE-2026-1207"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-1285",
        "url": "https://access.redhat.com/security/cve/CVE-2026-1285"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-1287",
        "url": "https://access.redhat.com/security/cve/CVE-2026-1287"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-1312",
        "url": "https://access.redhat.com/security/cve/CVE-2026-1312"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/",
        "url": "https://access.redhat.com/security/updates/classification/"
      },
      {
        "category": "external",
        "summary": "https://catalog.redhat.com/software/containers/search",
        "url": "https://catalog.redhat.com/software/containers/search"
      },
      {
        "category": "external",
        "summary": "https://docs.redhat.com/en/documentation/red_hat_satellite/6.18/html/installing_satellite_server_in_a_connected_network_environment/performing-additional-configuration-on-server_satellite#installing-and-configuring-red-hat-lightspeed-in-satellite",
        "url": "https://docs.redhat.com/en/documentation/red_hat_satellite/6.18/html/installing_satellite_server_in_a_connected_network_environment/performing-additional-configuration-on-server_satellite#installing-and-configuring-red-hat-lightspeed-in-satellite"
      },
      {
        "category": "external",
        "summary": "https://docs.redhat.com/en/documentation/red_hat_satellite/6.18/html/installing_satellite_server_in_a_disconnected_network_environment/performing-additional-configuration#installing-and-configuring-red-hat-lightspeed-in-satellite",
        "url": "https://docs.redhat.com/en/documentation/red_hat_satellite/6.18/html/installing_satellite_server_in_a_disconnected_network_environment/performing-additional-configuration#installing-and-configuring-red-hat-lightspeed-in-satellite"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_6291.json"
      }
    ],
    "title": "Red Hat Security Advisory: General availability of the satellite/iop-advisor-backend-rhel9 container image",
    "tracking": {
      "current_release_date": "2026-03-31T22:32:22+00:00",
      "generator": {
        "date": "2026-03-31T22:32:22+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.4"
        }
      },
      "id": "RHSA-2026:6291",
      "initial_release_date": "2026-03-31T16:56:50+00:00",
      "revision_history": [
        {
          "date": "2026-03-31T16:56:50+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-03-31T16:56:57+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-03-31T22:32:22+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Satellite 6.18",
                "product": {
                  "name": "Red Hat Satellite 6.18",
                  "product_id": "Red Hat Satellite 6.18",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:satellite:6.18::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Satellite"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/satellite/iop-advisor-backend-rhel9@sha256:563d17f7250c9a5ccb9f7213332b0a8e0b876e8e4e9814a7f397e51972c60a2c_amd64",
                "product": {
                  "name": "registry.redhat.io/satellite/iop-advisor-backend-rhel9@sha256:563d17f7250c9a5ccb9f7213332b0a8e0b876e8e4e9814a7f397e51972c60a2c_amd64",
                  "product_id": "registry.redhat.io/satellite/iop-advisor-backend-rhel9@sha256:563d17f7250c9a5ccb9f7213332b0a8e0b876e8e4e9814a7f397e51972c60a2c_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/iop-advisor-backend-rhel9@sha256%3A563d17f7250c9a5ccb9f7213332b0a8e0b876e8e4e9814a7f397e51972c60a2c?arch=amd64\u0026repository_url=registry.redhat.io/satellite\u0026tag=1773451075"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/satellite/iop-advisor-backend-rhel9@sha256:563d17f7250c9a5ccb9f7213332b0a8e0b876e8e4e9814a7f397e51972c60a2c_amd64 as a component of Red Hat Satellite 6.18",
          "product_id": "Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-advisor-backend-rhel9@sha256:563d17f7250c9a5ccb9f7213332b0a8e0b876e8e4e9814a7f397e51972c60a2c_amd64"
        },
        "product_reference": "registry.redhat.io/satellite/iop-advisor-backend-rhel9@sha256:563d17f7250c9a5ccb9f7213332b0a8e0b876e8e4e9814a7f397e51972c60a2c_amd64",
        "relates_to_product_reference": "Red Hat Satellite 6.18"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-14550",
      "cwe": {
        "id": "CWE-167",
        "name": "Improper Handling of Additional Special Element"
      },
      "discovery_date": "2026-02-03T15:01:12.970018+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2436341"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Django. A remote attacker can exploit this vulnerability by sending a crafted request containing multiple duplicate headers to the ASGIRequest component. This can lead to a potential Denial of Service (DoS), making the affected system unavailable to legitimate users.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Django: Django: Denial of Service via crafted request with duplicate headers",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This MODERATE impact denial-of-service flaw in Django affects Red Hat products utilizing the ASGIRequest component, such as Red Hat Ansible Automation Platform, Red Hat Discovery, and Red Hat Satellite. A remote attacker could send specially crafted requests containing duplicate headers, potentially rendering the affected system unavailable.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-advisor-backend-rhel9@sha256:563d17f7250c9a5ccb9f7213332b0a8e0b876e8e4e9814a7f397e51972c60a2c_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-14550"
        },
        {
          "category": "external",
          "summary": "RHBZ#2436341",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436341"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-14550",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-14550"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-14550",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14550"
        },
        {
          "category": "external",
          "summary": "https://docs.djangoproject.com/en/dev/releases/security/",
          "url": "https://docs.djangoproject.com/en/dev/releases/security/"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/django-announce",
          "url": "https://groups.google.com/g/django-announce"
        },
        {
          "category": "external",
          "summary": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases/",
          "url": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases/"
        }
      ],
      "release_date": "2026-02-03T14:38:15.875000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-03-31T16:56:50+00:00",
          "details": "For Red Hat Lightspeed in Satellite installation see the Red Hat Satellite documentation.",
          "product_ids": [
            "Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-advisor-backend-rhel9@sha256:563d17f7250c9a5ccb9f7213332b0a8e0b876e8e4e9814a7f397e51972c60a2c_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:6291"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
          "product_ids": [
            "Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-advisor-backend-rhel9@sha256:563d17f7250c9a5ccb9f7213332b0a8e0b876e8e4e9814a7f397e51972c60a2c_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-advisor-backend-rhel9@sha256:563d17f7250c9a5ccb9f7213332b0a8e0b876e8e4e9814a7f397e51972c60a2c_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Django: Django: Denial of Service via crafted request with duplicate headers"
    },
    {
      "cve": "CVE-2026-1207",
      "cwe": {
        "id": "CWE-89",
        "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
      },
      "discovery_date": "2026-02-03T15:00:58.388707+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2436338"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Django. A remote attacker could inject SQL commands by manipulating the band index parameter during raster lookups on `RasterField` (only implemented on PostGIS). This SQL injection vulnerability could lead to unauthorized information disclosure, data alteration, or denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Django: Django: SQL Injection via RasterField band index parameter",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This IMPORTANT flaw affects Django\u0027s `RasterField` when utilized with PostGIS, allowing remote SQL injection via the band index parameter. Red Hat Ansible Automation Platform, Red Hat Discovery, Red Hat Satellite, Insights, and Ansible Services are impacted if configured to use Django with PostGIS `RasterField` lookups. Successful exploitation could lead to unauthorized data access, modification, or denial of service.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-advisor-backend-rhel9@sha256:563d17f7250c9a5ccb9f7213332b0a8e0b876e8e4e9814a7f397e51972c60a2c_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-1207"
        },
        {
          "category": "external",
          "summary": "RHBZ#2436338",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436338"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-1207",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-1207"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1207",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1207"
        },
        {
          "category": "external",
          "summary": "https://docs.djangoproject.com/en/dev/releases/security/",
          "url": "https://docs.djangoproject.com/en/dev/releases/security/"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/django-announce",
          "url": "https://groups.google.com/g/django-announce"
        },
        {
          "category": "external",
          "summary": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases/",
          "url": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases/"
        }
      ],
      "release_date": "2026-02-03T14:35:33.721000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-03-31T16:56:50+00:00",
          "details": "For Red Hat Lightspeed in Satellite installation see the Red Hat Satellite documentation.",
          "product_ids": [
            "Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-advisor-backend-rhel9@sha256:563d17f7250c9a5ccb9f7213332b0a8e0b876e8e4e9814a7f397e51972c60a2c_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:6291"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
          "product_ids": [
            "Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-advisor-backend-rhel9@sha256:563d17f7250c9a5ccb9f7213332b0a8e0b876e8e4e9814a7f397e51972c60a2c_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-advisor-backend-rhel9@sha256:563d17f7250c9a5ccb9f7213332b0a8e0b876e8e4e9814a7f397e51972c60a2c_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "Django: Django: SQL Injection via RasterField band index parameter"
    },
    {
      "cve": "CVE-2026-1285",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2026-02-03T15:01:06.283620+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2436340"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Django. A remote attacker can exploit this vulnerability by providing crafted inputs containing a large number of unmatched HTML end tags to the `django.utils.text.Truncator.chars()` and `Truncator.words()` methods (when `html=True`), or through the `truncatechars_html` and `truncatewords_html` template filters. This can lead to a denial-of-service (DoS) condition, making the application unavailable to legitimate users.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Django: Django: Denial of Service via crafted HTML inputs",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This is a MODERATE impact denial-of-service flaw in Django. Applications utilizing Django that process untrusted HTML inputs with a large number of unmatched end tags through the `Truncator.chars()` or `Truncator.words()` methods (with `html=True`), or the `truncatechars_html` and `truncatewords_html` template filters, may experience resource exhaustion. This can lead to the application becoming unavailable.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-advisor-backend-rhel9@sha256:563d17f7250c9a5ccb9f7213332b0a8e0b876e8e4e9814a7f397e51972c60a2c_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-1285"
        },
        {
          "category": "external",
          "summary": "RHBZ#2436340",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436340"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-1285",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-1285"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1285",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1285"
        },
        {
          "category": "external",
          "summary": "https://docs.djangoproject.com/en/dev/releases/security/",
          "url": "https://docs.djangoproject.com/en/dev/releases/security/"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/django-announce",
          "url": "https://groups.google.com/g/django-announce"
        },
        {
          "category": "external",
          "summary": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases/",
          "url": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases/"
        }
      ],
      "release_date": "2026-02-03T14:35:50.254000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-03-31T16:56:50+00:00",
          "details": "For Red Hat Lightspeed in Satellite installation see the Red Hat Satellite documentation.",
          "product_ids": [
            "Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-advisor-backend-rhel9@sha256:563d17f7250c9a5ccb9f7213332b0a8e0b876e8e4e9814a7f397e51972c60a2c_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:6291"
        },
        {
          "category": "workaround",
          "details": "To mitigate this issue, applications utilizing Django should avoid processing untrusted HTML content through the `django.utils.text.Truncator.chars()` and `Truncator.words()` methods with `html=True`, or the `truncatechars_html` and `truncatewords_html` template filters. Restrict the use of these functions to only trusted inputs where the HTML structure is controlled and validated.",
          "product_ids": [
            "Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-advisor-backend-rhel9@sha256:563d17f7250c9a5ccb9f7213332b0a8e0b876e8e4e9814a7f397e51972c60a2c_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-advisor-backend-rhel9@sha256:563d17f7250c9a5ccb9f7213332b0a8e0b876e8e4e9814a7f397e51972c60a2c_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Django: Django: Denial of Service via crafted HTML inputs"
    },
    {
      "cve": "CVE-2026-1287",
      "cwe": {
        "id": "CWE-89",
        "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
      },
      "discovery_date": "2026-02-03T15:01:03.441713+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2436339"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Django. This vulnerability allows a remote attacker to perform SQL injection by using specially crafted control characters within column aliases. When these crafted aliases are passed through dictionary expansion to `QuerySet` methods like `annotate()` or `values()`, it can lead to the execution of arbitrary SQL commands. This could result in unauthorized access to sensitive data or modification of information within the database.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Django: Django: SQL Injection via crafted column aliases",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This IMPORTANT SQL injection flaw in Django allows a remote attacker to execute arbitrary SQL commands by crafting column aliases. This vulnerability affects Red Hat products that incorporate Django, such as Red Hat Ansible Automation Platform, Red Hat Discovery, Red Hat Satellite, Insights, and Ansible Services, potentially leading to unauthorized data access or modification.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-advisor-backend-rhel9@sha256:563d17f7250c9a5ccb9f7213332b0a8e0b876e8e4e9814a7f397e51972c60a2c_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-1287"
        },
        {
          "category": "external",
          "summary": "RHBZ#2436339",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436339"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-1287",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-1287"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1287",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1287"
        },
        {
          "category": "external",
          "summary": "https://docs.djangoproject.com/en/dev/releases/security/",
          "url": "https://docs.djangoproject.com/en/dev/releases/security/"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/django-announce",
          "url": "https://groups.google.com/g/django-announce"
        },
        {
          "category": "external",
          "summary": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases/",
          "url": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases/"
        }
      ],
      "release_date": "2026-02-03T14:36:03.630000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-03-31T16:56:50+00:00",
          "details": "For Red Hat Lightspeed in Satellite installation see the Red Hat Satellite documentation.",
          "product_ids": [
            "Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-advisor-backend-rhel9@sha256:563d17f7250c9a5ccb9f7213332b0a8e0b876e8e4e9814a7f397e51972c60a2c_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:6291"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
          "product_ids": [
            "Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-advisor-backend-rhel9@sha256:563d17f7250c9a5ccb9f7213332b0a8e0b876e8e4e9814a7f397e51972c60a2c_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-advisor-backend-rhel9@sha256:563d17f7250c9a5ccb9f7213332b0a8e0b876e8e4e9814a7f397e51972c60a2c_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "Django: Django: SQL Injection via crafted column aliases"
    },
    {
      "cve": "CVE-2026-1312",
      "cwe": {
        "id": "CWE-89",
        "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
      },
      "discovery_date": "2026-02-03T15:01:18.274166+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2436342"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Django. A remote attacker could exploit a SQL injection vulnerability in the `.QuerySet.order_by()` method. This occurs when column aliases containing periods are used, and the same alias is also present in `FilteredRelation` via a specially crafted dictionary. Successful exploitation could lead to unauthorized information disclosure or arbitrary code execution within the database.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Django: Django: SQL injection via crafted column aliases in QuerySet.order_by()",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This IMPORTANT vulnerability in Django allows for SQL injection within the `QuerySet.order_by()` method. A remote attacker could exploit this by providing crafted column aliases that include periods, specifically when used with `FilteredRelation`. Successful exploitation may result in unauthorized information disclosure or arbitrary code execution against the underlying database. This affects Red Hat products that integrate Django, such as Red Hat Ansible Automation Platform and Red Hat Satellite.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-advisor-backend-rhel9@sha256:563d17f7250c9a5ccb9f7213332b0a8e0b876e8e4e9814a7f397e51972c60a2c_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-1312"
        },
        {
          "category": "external",
          "summary": "RHBZ#2436342",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436342"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-1312",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-1312"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1312",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1312"
        },
        {
          "category": "external",
          "summary": "https://docs.djangoproject.com/en/dev/releases/security/",
          "url": "https://docs.djangoproject.com/en/dev/releases/security/"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/django-announce",
          "url": "https://groups.google.com/g/django-announce"
        },
        {
          "category": "external",
          "summary": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases/",
          "url": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases/"
        }
      ],
      "release_date": "2026-02-03T14:36:23.257000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-03-31T16:56:50+00:00",
          "details": "For Red Hat Lightspeed in Satellite installation see the Red Hat Satellite documentation.",
          "product_ids": [
            "Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-advisor-backend-rhel9@sha256:563d17f7250c9a5ccb9f7213332b0a8e0b876e8e4e9814a7f397e51972c60a2c_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:6291"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
          "product_ids": [
            "Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-advisor-backend-rhel9@sha256:563d17f7250c9a5ccb9f7213332b0a8e0b876e8e4e9814a7f397e51972c60a2c_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Satellite 6.18:registry.redhat.io/satellite/iop-advisor-backend-rhel9@sha256:563d17f7250c9a5ccb9f7213332b0a8e0b876e8e4e9814a7f397e51972c60a2c_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "Django: Django: SQL injection via crafted column aliases in QuerySet.order_by()"
    }
  ]
}