Skip to main content

Mondoo

Vulnerability Management
Technology
Services

Solutions

Financial Services
Manufacturing
Healthcare

Resources

Blog
Vulnerability Database
Documentation
GitHub

Company

About
Careers
Partners
Contact

Legal

Privacy
Terms
Imprint

© 2026 Mondoo, Inc.

Log in Get Assessment

Vulnerability IntelligenceFEDORA-2026-9b7a6474a1

FEDORA-2026-9b7a6474a1

MEDIUM

python-django5-5.2.14-1.fc44

Published May 12, 2026

Modified 1 weeks ago

Fix available

Details

Fixes CVE-2026-5766: Potential denial-of-service vulnerability in ASGI requests via file upload limit bypass
Fixes CVE-2026-35192: Session fixation via public cached pages and SESSION_SAVE_EVERY_REQUEST
Fixes CVE-2026-6907: Potential exposure of private data due to incorrect handling of Vary: * in UpdateCacheMiddleware
Fixes CVE-2026-3902: ASGI header spoofing via underscore/hyphen conflation
Fixes CVE-2026-4277: Privilege abuse in GenericInlineModelAdmin
Fixes CVE-2026-4292: Privilege abuse in ModelAdmin.list_editable
Fixes CVE-2026-33033: Potential denial-of-service vulnerability in MultiPartParser via base64-encoded file upload
Fixes CVE-2026-33034: Potential denial-of-service vulnerability in ASGI requests via memory upload limit bypass
Fixes CVE-2026-25674: Potential incorrect permissions on newly created file system objects

Affected Packages

python-django5

Fedora 44

Fixed in:

5.2.14-1.fc44

python3-django5

Fedora 44

Fixed in:

5.2.14-1.fc44

python3-django5-bash-completion

Fedora 44

Fixed in:

5.2.14-1.fc44

python3-django5-doc

Fedora 44

Fixed in:

5.2.14-1.fc44

References

https://bugzilla.redhat.com/show_bug.cgi?id=2444117

Related

CVE-2026-25674 CVE-2026-33033 CVE-2026-33034 CVE-2026-35192 CVE-2026-3902 CVE-2026-4277 CVE-2026-4292 CVE-2026-5766 CVE-2026-6907

Ecosystems

Timeline

PublishedMay 12, 2026

ModifiedMay 13, 2026

FEDORA-2026-9b7a6474a1 | Mondoo Vulnerability Intelligence