Django security releases issued: 6.0.4, 5.2.13, and 4.2.30
Briefly

"CVE-2026-4277 addresses privilege abuse in GenericInlineModelAdmin, where permissions on inline model instances were not validated on submission of forged POST data, rated low severity."
"CVE-2026-4292 highlights privilege abuse in ModelAdmin.list_editable, allowing new instances to be created via forged POST data, also rated low severity."
"CVE-2026-33033 presents a potential denial-of-service vulnerability in MultiPartParser, where excessive whitespace in base64-encoded uploads may degrade performance, rated moderate severity."
"CVE-2026-33034 indicates a potential denial-of-service vulnerability in ASGI requests, where a missing Content-Length header could bypass memory limits, leading to service degradation."
Django 6.0.4, 5.2.13, and 4.2.30 have been released to address security vulnerabilities. Django 4.2 has now reached the end of extended support, so users still on 4.2 should upgrade to Django 5.2 or later. Notable vulnerabilities include privilege abuse in GenericInlineModelAdmin and ModelAdmin.list_editable, both rated low severity, and potential denial-of-service vulnerabilities in MultiPartParser and ASGI request handling, both rated moderate. Users are encouraged to check the downloads page for supported versions and future release schedules.
Read at Django Project