Alerts This Week
Warning Icon 1 1,154
Alerts This Week
Warning Icon 1 1,154

openSUSE Leap 16.0 python-Django Important DoS Threat 2026-20578-1

opensuse
Calendar Grey April 21, 2026
Dist Opensuse Esm H88
A critical update for python-Django on openSUSE solves 5 issues and enhances security. Install now to ensure system integrity.
An update that solves 5 vulnerabilities and has 5 bug fixes can now be installed.

Description

This update for python-Django fixes the following issues:

Changes in python-Django:

- CVE-2026-3902: ASGI header spoofing via underscore/hyphen conflation (bsc#1261729)

- CVE-2026-4277: Privilege abuse in GenericInlineModelAdmin (bsc#1261731)

- CVE-2026-4292: Privilege abuse in ModelAdmin.list_editable (bsc#1261732)

- CVE-2026-33033: Potential denial-of-service vulnerability in

MultiPartParser via base64-encoded file upload (bsc#1261722)

- CVE-2026-33034: Potential denial-of-service vulnerability in

ASGI requests via memory upload limit bypass (bsc#1261724)

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-packagehub-196=1

Patch

Package List

- openSUSE Leap 16.0:

python313-Django-5.2.4-bp160.7.1

References

* bsc#1261722

* bsc#1261724

* bsc#1261729

* bsc#1261731

* bsc#1261732

References:

* https://www.suse.com/security/cve/CVE-2026-33033.html

* https://www.suse.com/security/cve/CVE-2026-33034.html

* https://www.suse.com/security/cve/CVE-2026-3902.html

* https://www.suse.com/security/cve/CVE-2026-4277.html

* https://www.suse.com/security/cve/CVE-2026-4292.html

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2026:20578-1
Rating: important
Affected Products: openSUSE Leap 16.0 -------------------------------------------------------------

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here