Skip to main content

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

© 2026 Mondoo, Inc.

Privacy Policy Terms of Service Imprint

Vulnerability Intelligence

Vulnerability IntelligenceFEDORA-2026-ca3d81129a

FEDORA-2026-ca3d81129a

UNKNOWN

python-django4.2-4.2.28-1.fc42

Published Feb 20, 2026

Modified 3 days ago

Fix available

Details

Fixes CVE-2025-13473: Username enumeration through timing difference in mod_wsgi authentication handler
Fixes CVE-2025-14550: Potential denial-of-service vulnerability via repeated headers when using ASGI
Fixes CVE-2026-1207: Potential SQL injection via raster lookups on PostGIS
Fixes CVE-2026-1285: Potential denial-of-service vulnerability in django.utils.text.Truncator HTML methods
Fixes CVE-2026-1287: Potential SQL injection in column aliases via control characters
Fixes CVE-2026-1312: Potential SQL injection via QuerySet.order_by and FilteredRelation

Affected Packages

python-django4.2

Fedora 42

Fixed in:

4.2.28-1.fc42

python-django4.2-bash-completion

Fedora 42

Fixed in:

4.2.28-1.fc42

python3-django4.2

Fedora 42

Fixed in:

4.2.28-1.fc42

python3-django4.2-doc

Fedora 42

Fixed in:

4.2.28-1.fc42

References

https://bugzilla.redhat.com/show_bug.cgi?id=2436703

https://bugzilla.redhat.com/show_bug.cgi?id=2436705

https://bugzilla.redhat.com/show_bug.cgi?id=2436711

https://bugzilla.redhat.com/show_bug.cgi?id=2436720

https://bugzilla.redhat.com/show_bug.cgi?id=2436722

Related

CVE-2025-13473 CVE-2025-14550 CVE-2026-1207 CVE-2026-1285 CVE-2026-1287 CVE-2026-1312

Ecosystems

Timeline

PublishedFeb 20, 2026

ModifiedMar 1, 2026

FEDORA-2026-ca3d81129a | Mondoo Vulnerability Intelligence