4.3 CVE-2026-6907

Enriched by CISA

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. `django.middleware.cache.UpdateCacheMiddleware` erroneously caches requests where the `Vary` header contained an asterisk (`'*'`). This can lead to private data being stored and served. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Ahmad Sadeddin for reporting this issue.
https://nvd.nist.gov/vuln/detail/CVE-2026-6907

References

6a34fbeb-21d4-45e7-8e0a-62b95bc12c92

https://docs.djangoproject.com/en/dev/releases/security/ Vendor Advisory
https://groups.google.com/g/django-announce Third Party Advisory
https://www.djangoproject.com/weblog/2026/may/05/security-releases/ Vendor Advisory

AFFECTED (from MITRE)

Vendor	Product	Versions
djangoproject	Django	6.0 < 6.0.5 [affected] 6.0.5 [unaffected] 5.2 < 5.2.14 [affected] 5.2.14 [unaffected]
© 2022 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.

CPE

cpe	start	end
Configuration 1
cpe:2.3:a:djangoproject:django::::::::	>= 5.2	< 5.2.14
cpe:2.3:a:djangoproject:django::::::::	>= 6.0	< 6.0.5

REMEDIATION

EXPLOITS

Exploit-db.com

id	description	date
No known exploits

POC Github

Url
No known exploits

Other Nist (github, ...)

Url
No known exploits

CAPEC

Common Attack Pattern Enumerations and Classifications

id	description	severity
204	Lifting Sensitive Data Embedded in Cache An adversary examines a target application's cache, or a browser cache, for sensitive information. Many applications that communicate with remote entities or which perform intensive calculations utilize caches to improve efficiency. However, if the application computes or receives sensitive information and the cache is not appropriately protected, an attacker can browse the cache and retrieve this information. This can result in the disclosure of sensitive information. [Identify Application Cache] An adversary first identifies an application that utilizes a cache. This could either be a web application storing data in a browser cache, or an application running on a separate machine. The adversary examines the cache to determine file permissions and possible encryption. [Attempt to Access Cache] Once the cache has been discovered, the adversary attempts to access the cached data. This often requires previous access to a machine hosting the target application. [Lift Sensitive Data from Cache] After gaining access to cached data, an adversary looks for potentially sensitive information and stores it for malicious use. This sensitive data could possibly be used in follow-up attacks related to authentication or authorization.	Medium

MITRE

Techniques

id	description
T1005	Data from Local System
© 2022 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.

Mitigations

id	description
M1057	Data loss prevention can restrict access to sensitive data and detect sensitive data that is unencrypted.
© 2022 The MITRE Corporation. Esta obra se reproduce y distribuye con el permiso de The MITRE Corporation.

Cybersecurity needs ?

Strengthen software security from the outset with our DevSecOps expertise

Integrate security right from the start of the software development cycle for more robust applications and greater customer confidence.
Our team of DevSecOps experts can help you secure your APIs, data pipelines, CI/CD chains, Docker containers and Kubernetes deployments.

Discover this offer