Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

Ubuntu 26.04 Django Important Security Issues Denial of Service USN-8232-1

ubuntu
Calendar Grey May 5, 2026
Dist Ubuntu Esm H88
Multiple security issues resolved in Django for Ubuntu systems. Ensure you update your installations to avoid risks.
Several security issues were fixed in Django.

Summary

Several security issues were fixed in Django.

Software Description:

- python-django: High-level Python web development framework

Details:

It was discovered that Django did not vary cached response headers on

cookies when sessions were not modified while SESSION_SAVE_EVERY_REQUEST

was enabled. A remote attacker could possibly use this issue to steal a

user's session. (CVE-2026-35192)

Kyle Agronick and Jacob Walls discovered that Django incorrectly handled

ASGI requests with missing or understated Content-Length header values.

A remote attacker could possibly use this issue to cause Django to use

excessive resources, leading to a denial of service. (CVE-2026-5766)

Ahmad Sadeddin discovered that Django UpdateCacheMiddleware incorrectly

cached requests where the Vary header contained an asterisk. A remote

attacker could possibly use this issue to obtain sensitive information.

(CVE-2026-6907)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
  python3-django                  3:5.2.9-0ubuntu4.1

Ubuntu 25.10
  python3-django                  3:5.2.4-1ubuntu2.5

Ubuntu 24.04 LTS
  python3-django                  3:4.2.11-1ubuntu1.16

Ubuntu 22.04 LTS
  python3-django                  2:3.2.12-2ubuntu1.27

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-8232-1

CVE-2026-35192, CVE-2026-5766, CVE-2026-6907

Severity
important
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-8232-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here