CVE-2026-1285
Published 2026-02-03
Priority: P3 · 41 · high · CVSS 3.1 base score 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.99% (58.2th percentile)
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.
`django.utils.text.Truncator.chars()` and `Truncator.words()` methods (with `html=True`) and the `truncatechars_html` and `truncatewords_html` template filters allow a remote attacker to cause a potential denial-of-service via crafted inputs containing a large number of unmatched HTML end tags.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Seokchan Yoon for reporting this issue.
Affected (7 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | python-django | < python-django 3:3.2.25-0+deb12u2 (bookworm) | python-django 3:3.2.25-0+deb12u2 (bookworm) |
| djangoproject | django | >= 4.2 < 4.2.28 | 4.2.28 |
| djangoproject | django | >= 4.2a1 < 4.2.28 | 4.2.28 |
| djangoproject | django | >= 5.2 < 5.2.11 | 5.2.11 |
| djangoproject | django | >= 5.2a1 < 5.2.11 | 5.2.11 |
| djangoproject | django | >= 6.0 < 6.0.2 | 6.0.2 |
| djangoproject | django | >= 6.0a1 < 6.0.2 | 6.0.2 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| ghsa | | 6.5 | MEDIUM | |
| osv | | 7.5 | HIGH | |
| vendor_redhat | | 8.8 | HIGH | |
| vendor_debian | | 7.5 | HIGH | |
| vendor_ubuntu | | 5.3 | MEDIUM | |
GHSA · 2026-06-22 · CVSS 6.5
CVE-2026-47267 [MEDIUM] CWE-918: Gogs has SSRF in webhook deliveries
### Summary
The fix for CVE-2022-1285 prevents adding webhooks, or running webhooks, with URLs whose hostname resolves into localCIDRs. However, webhooks still follow redirects, which allows access to hostnames inside localCIDRs.
This was already communicated in the initial report but it looks like there was a bit of a miscommunication.
### Details
By creating a webhook pointing to any URL that returns the following:
```
HTTP/1.1 301 Moved Permanently
Location: http://169.254.169.254/metadata/v1.json
Content-Length: 0
Connection: close
```
it is possible to reach 169.254.169.254.
### PoC
1. Run netcat on any server
2. Use this server as the webhook URL
3. Once you get the request from the webhook (for example by testing it), copy the response above
OSV · 2026-02-03 · CVSS 5.3
CVE-2025-13473 [MEDIUM]: python-django vulnerabilities
It was discovered that Django exposed timing information when checking passwords. An attacker could possibly use this issue to obtain sensitive information. (CVE-2025-13473)
Jiyong Yang discovered that Django incorrectly handled malformed requests with duplicate headers. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 25.10. (CVE-2025-14550)
Tarek Nakkouch discovered that Django incorrectly parsed raster lookups. An attacker could possibly use this issue to perform SQL injection attacks. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 25.10. (CVE-2026-1207)
Seokchan Yoon discovered that Django incorrect
OSV · 2026-02-03 · CVSS 7.5
CVE-2026-1285 [HIGH]: CVE-2026-1285: An issue was discovered in 6
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. `django.utils.text.Truncator.chars()` and `Truncator.words()` methods (with `html=True`) and the `truncatechars_html` and `truncatewords_html` template filters allow a remote attacker to cause a potential denial-of-service via crafted inputs containing a large number of unmatched HTML end tags. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Seokchan Yoon for reporting this issue.
OSV · 2026-02-03
CVE-2026-1285 [LOW]: Django has Inefficient Algorithmic Complexity
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.
`django.utils.text.Truncator.chars()` and `Truncator.words()` methods (with `html=True`) and the `truncatechars_html` and `truncatewords_html` template filters allow a remote attacker to cause a potential denial-of-service via crafted inputs containing a large number of unmatched HTML end tags. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Seokchan Yoon for reporting this issue.
GHSA · 2026-02-03
CVE-2026-1285 [LOW] CWE-407: Django has Inefficient Algorithmic Complexity
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.
`django.utils.text.Truncator.chars()` and `Truncator.words()` methods (with `html=True`) and the `truncatechars_html` and `truncatewords_html` template filters allow a remote attacker to cause a potential denial-of-service via crafted inputs containing a large number of unmatched HTML end tags. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Seokchan Yoon for reporting this issue.
Red Hat (vendor_redhat) · 2026-06-02 · CVSS 8.8
CVE-2026-11079 [HIGH] CWE-1285: chromium-browser: Insufficient validation of untrusted input in Codecs
Insufficient validation of untrusted input in Codecs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform an out of bounds memory write via a crafted video file. (Chromium security severity: Medium)
An insufficient validation of untrusted input flaw was found in the Codecs component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=500028989
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Google Chrome Security Advisory.
Red Hat (vendor_redhat) · 2026-05-28
CVE-2026-46220 CWE-1285: kernel: drm/amdgpu/sdma4: replace BUG_ON with WARN_ON in fence emission
A flaw was found in the Linux kernel's AMDGPU graphics driver (drm/amdgpu/sdma4). An unprivileged local user could exploit this vulnerability by submitting specially crafted DRM_IOCTL_AMDGPU_CS commands with misaligned fence writeback addresses. This could trigger a BUG_ON assertion, leading to a fatal kernel panic and causing a Denial of Service (DoS) on the system.
Package: kernel (Red Hat Enterprise Linux 10) - Not affected
Package: kernel (Red Hat Enterprise Linux 6) - Not affected
Package: kernel (Red Hat Enterprise Linux 7) - Not affected
Package: kernel-rt (Red Hat Enterprise Linux 7) - Not affected
Package: kernel (Red Hat Enterprise Linux 8) - Not affected
Package: kernel-rt (Red Hat Enterprise Linux 8)
Red Hat (vendor_redhat) · 2026-05-28
CVE-2026-46163 CWE-1285: kernel: wifi: b43legacy: enforce bounds check on firmware key index in RX path
A flaw was found in the Linux kernel's `b43legacy` Wi-Fi driver. A remote attacker could exploit this vulnerability by sending specially crafted Wi-Fi frames, causing the firmware-controlled key index in the receive path to exceed its allocated bounds. This out-of-bounds read could lead to information disclosure from kernel memory or a denial of service.
Package: kernel (Red Hat Enterprise Linux 10) - Not affected
Package: kernel (Red Hat Enterprise Linux 6) - Not affected
Package: kernel (Red Hat Enterprise Linux 7) - Not affected
Package: kernel-rt (Red Hat Enterprise Linux 7) - Not affected
Package: kernel (Red Hat Enterprise Linux 8) - Not affected
Package: kernel-rt (Red Hat Enterprise Linux 8) - Not
Red Hat (vendor_redhat) · 2026-05-27
CVE-2026-45993 CWE-1285: kernel: LoongArch: Add spectre boundry for syscall dispatch table
A flaw was found in the Linux kernel, specifically affecting the LoongArch architecture. The system call (syscall) dispatch table, which handles requests from user programs, does not properly validate the syscall number provided by userspace. This missing boundary check could allow a local attacker to access memory outside the intended syscall function pointer tables, potentially leading to information disclosure.
Package: kernel (Red Hat Enterprise Linux 10) - Not affected
Package: kernel (Red Hat Enterprise Linux 6) - Not affected
Package: kernel (Red Hat Enterprise Linux 7) - Not affected
Package: kernel-rt (Red Hat Enterprise Linux 7) - Not affected
Package: kernel (Red Hat Enterprise Linux 8) - Not affected
Packa
Red Hat (vendor_redhat) · 2026-05-27 · CVSS 5.5
CVE-2026-46022 [MEDIUM] CWE-1285: kernel: misc: ibmasm: fix OOB MMIO read in ibmasm_handle_mouse_interrupt()
A flaw was found in the Linux kernel's `ibmasm` module. A compromised service processor can exploit this by manipulating specific hardware registers, causing the system to read data from an unintended memory location. This out-of-bounds read can lead to a system crash, resulting in a Denial of Service (DoS).
Package: kernel (Red Hat Enterprise Linux 10) - Not affected
Package: kernel (Red Hat Enterprise Linux 6) - Out of support scope
Package: kernel (Red Hat Enterprise Linux 7) - Not affected
Package: kernel-rt (Red Hat Enterprise Linux 7) - Not affected
Package: kernel (Red Hat Enterprise Linux 8) - Not affected
Package: kernel-rt (Red Hat Enterprise Linux 8) - Not affected
Package: kernel (Red Hat Enterpr
Red Hat (vendor_redhat) · 2026-05-13 · CVSS 7.5
CVE-2026-44004 [HIGH] CWE-1285: vm2: vm2: Denial of Service via host memory exhaustion
vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, sandboxed code can call Buffer.alloc() with an arbitrary size to allocate memory directly on the host heap. Because Buffer.alloc is a synchronous C++ native call, vm2's timeout option cannot interrupt it. A single request can exhaust host memory and crash the process with a FATAL ERROR: Reached heap limit. This vulnerability is fixed in 3.11.0.
A flaw was found in vm2 (before 3.11.0). Sandboxed code can call Buffer.alloc() with arbitrary size to allocate on the host heap synchronously; vm2 timeout cannot interrupt the native C++ call, allowing a single request to exhaust host memory and crash the process. Fixed in 3.11.0.
Statement: vm2 is vulnerable to denial of service
Red Hat (vendor_redhat) · 2026-05-08
CVE-2026-43348 CWE-1285: kernel: mshv_vtl: Fix vmemmap_shift exceeding MAX_FOLIO_ORDER
A flaw was found in the Linux kernel's `mshv_vtl` component. When registering VTL0 memory, an issue with memory mapping calculations can cause the system to trigger a warning and return an invalid argument error. This could lead to system instability or a denial of service (DoS), preventing legitimate memory operations.
Package: kernel (Red Hat Enterprise Linux 10) - Not affected
Package: kernel (Red Hat Enterprise Linux 6) - Not affected
Package: kernel (Red Hat Enterprise Linux 7) - Not affected
Package: kernel-rt (Red Hat Enterprise Linux 7) - Not affected
Package: kernel (Red Hat Enterprise Linux 8) - Not affected
Package: kernel-rt (Red Hat Enterprise Linux 8) - Not affected
Package: kernel (Red Hat Enterprise Linux
Red Hat (vendor_redhat) · 2026-05-06
CVE-2026-43212 CWE-1285: kernel: LoongArch: Make cpumask_of_node() robust against NUMA_NO_NODE
A flaw was found in the Linux kernel, specifically within the `cpumask_of_node()` function on the LoongArch architecture. This function did not properly handle the `NUMA_NO_NODE` index, which is a valid input. This oversight could lead to unexpected system behavior or instability, potentially impacting resource management within the kernel.
Package: kernel (Red Hat Enterprise Linux 10) - Not affected
Package: kernel (Red Hat Enterprise Linux 6) - Not affected
Package: kernel (Red Hat Enterprise Linux 7) - Not affected
Package: kernel-rt (Red Hat Enterprise Linux 7) - Not affected
Package: kernel (Red Hat Enterprise Linux 8) - Not affected
Package: kernel-rt (Red Hat Enterprise Linux 8) - Not affected
Package: ker
Red Hat (vendor_redhat) · 2026-05-06
CVE-2026-43241 CWE-1285: kernel: ntb: ntb_hw_switchtec: Fix array-index-out-of-bounds access
A flaw was found in the Linux kernel component `ntb_hw_switchtec`. This vulnerability allows an attacker to trigger an array-index-out-of-bounds access when handling the number of MW LUTs, which depends on NTB configuration. This invalid access to `mw_sizes` can lead to a Denial of Service (DoS) condition, making the system unavailable.
Package: kernel (Red Hat Enterprise Linux 10) - Not affected
Package: kernel (Red Hat Enterprise Linux 6) - Not affected
Package: kernel (Red Hat Enterprise Linux 7) - Not affected
Package: kernel-rt (Red Hat Enterprise Linux 7) - Not affected
Package: kernel (Red Hat Enterprise Linux 8) - Not affected
Package: kernel-rt (Red Hat Enterprise Linux 8) - Not affected
Package: kernel (R
Red Hat (vendor_redhat) · 2026-05-05 · CVSS 5.3
CVE-2026-43868 [MEDIUM] CWE-1285: Apache Thrift: Apache Thrift: Denial of Service via excessive memory allocation
A flaw was found in Apache Thrift. This vulnerability involves a Memory Allocation with Excessive Size Value, which could allow an attacker to trigger resource exhaustion. By providing an overly large size value during memory allocation, an attacker can cause the affected system to become unresponsive, leading to a Denial of Service (DoS).
Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Package: libthrift (Red Hat build of Apache Camel 4 for Quarkus 3) - Affected
Package: libthrift (Red Hat Data Grid 8) - Affecte
Red Hat (vendor_redhat) · 2026-05-01 · CVSS 7.0
CVE-2026-31776 [MEDIUM] CWE-1285: kernel: ALSA: ctxfi: Fix missing SPDIFI1 index handling
A flaw was found in the Linux kernel's ALSA ctxfi driver. The daio_device_index() function for hw20k2 improperly handles the SPDIF1 DAIO type, leading to a missing index. This issue can result in an out-of-bounds array access, which may cause system instability or a denial of service (DoS).
Package: kernel (Red Hat Enterprise Linux 10) - Affected
Package: kernel (Red Hat Enterprise Linux 6) - Out of support scope
Package: kernel (Red Hat Enterprise Linux 7) - Affected
Package: kernel-rt (Red Hat Enterprise Linux 7) - Affected
Package: kernel (Red Hat Enterprise Linux 8) - Affected
Package: kernel-rt (Red Hat Enterprise Linux 8) - Affected
Package: kernel (Red Hat Enterprise Linux 9) - Affected
Package: kernel-rt (Red Hat Ente
Red Hat (vendor_redhat) · 2026-05-01 · CVSS 7.0
CVE-2026-31729 [MEDIUM] CWE-1285: kernel: usb: typec: ucsi: validate connector number in ucsi_notify_common()
A flaw was found in the Linux kernel's USB Type-C Unified Connector and Switch Interface (UCSI) module. A malicious or malfunctioning USB Type-C device could report an out-of-range connector number in the Configuration and Capability Information (CCI). This could lead to an out-of-bounds array access in the `ucsi_connector_change()` function, potentially causing system instability or a denial of service (DoS).
Package: kernel (Red Hat Enterprise Linux 10) - Affected
Package: kernel (Red Hat Enterprise Linux 6) - Not affected
Package: kernel (Red Hat Enterprise Linux 7) - Not affected
Package: kernel-rt (Red Hat Enterprise Linux 7) - Not affected
Package: kernel (Red Hat Enterprise Linux 8) - Affected
Package
Red Hat (vendor_redhat) · 2026-05-01
CVE-2026-31766 CWE-1285: kernel: drm/amdgpu: validate doorbell_offset in user queue creation
A flaw was found in the Linux kernel's AMD GPU (amdgpu) driver. A local user could exploit this vulnerability by providing a malformed doorbell offset during user queue creation. This lack of proper bounds checking allows the offset to exceed the allocated memory, potentially corrupting critical kernel memory. This could lead to a system crash (Denial of Service) or, in some scenarios, privilege escalation.
Package: kernel (Red Hat Enterprise Linux 10) - Not affected
Package: kernel (Red Hat Enterprise Linux 6) - Not affected
Package: kernel (Red Hat Enterprise Linux 7) - Not affected
Package: kernel-rt (Red Hat Enterprise Linux 7) - Not affected
Package: kernel (Red Hat Enterprise Linux 8) - Not affected
Package: k
Red Hat (vendor_redhat) · 2026-04-25 · CVSS 5.5
CVE-2026-31681 [MEDIUM] CWE-1285: kernel: netfilter: xt_multiport: validate range encoding in checkentry
In the Linux kernel, the following vulnerability has been resolved:
netfilter: xt_multiport: validate range encoding in checkentry
ports_match_v1() treats any non-zero pflags entry as the start of a port range and unconditionally consumes the next ports[] element as the range end.
The checkentry path currently validates protocol, flags and count, but it does not validate the range encoding itself. As a result, malformed rules can mark the last slot as a range start or place two range starts back to back, leaving ports_match_v1() to step past the last valid ports[] element while interpreting the rule.
Reject malformed multiport v1 rules in checkentry by validating that each range start has a following element and that t
Red Hat (vendor_redhat) · 2026-04-24
CVE-2026-31611 CWE-1285: kernel: ksmbd: require 3 sub-authorities before reading sub_auth[2]
A flaw was found in the ksmbd component of the Linux kernel. A remote attacker could exploit this vulnerability by sending a specially crafted Access Control Entry (ACE) that causes an out-of-bounds read when parsing security identifiers. This out-of-bounds read can lead to the application of arbitrary, unintended data as a file's POSIX mode, potentially resulting in incorrect file permissions and unauthorized access to files.
Package: kernel (Red Hat Enterprise Linux 10) - Not affected
Package: kernel (Red Hat Enterprise Linux 6) - Not affected
Package: kernel (Red Hat Enterprise Linux 7) - Not affected
Package: kernel-rt (Red Hat Enterprise Linux 7) - Not affected
Package: kernel (Red Hat Enterprise Linux 8) - Not
Red Hat (vendor_redhat) · 2026-04-22 · CVSS 7.0
CVE-2026-31521 [MEDIUM] CWE-1285: kernel: module: Fix kernel panic when a symbol st_shndx is out of bounds
A flaw was found in the Linux kernel. The module loader, specifically in the simplify_symbols() function, does not properly validate the bounds of the ELF (Executable and Linkable Format) section index. An attacker could craft a malicious module with an out-of-bounds st_shndx value, leading to a kernel panic and a Denial of Service (DoS) on the system.
Package: kernel (Red Hat Enterprise Linux 10) - Affected
Package: kernel (Red Hat Enterprise Linux 6) - Not affected
Package: kernel (Red Hat Enterprise Linux 7) - Not affected
Package: kernel-rt (Red Hat Enterprise Linux 7) - Not affected
Package: kernel (Red Hat Enterprise Linux 8) - Not affected
Package: kernel-rt (Red Hat Enterprise Linux 8) - Not affected
P
Red Hat (vendor_redhat) · 2026-04-22 · CVSS 7.0
CVE-2026-31449 [MEDIUM] CWE-1285: kernel: ext4: validate p_idx bounds in ext4_ext_correct_indexes
A flaw was found in the Linux kernel's ext4 filesystem. A local attacker could exploit this vulnerability by providing a specially crafted or corrupted on-disk extent header. This could cause an out-of-bounds read in memory, potentially leading to information disclosure or a system crash (Denial of Service).
Package: kernel (Red Hat Enterprise Linux 10) - Affected
Package: kernel (Red Hat Enterprise Linux 6) - Out of support scope
Package: kernel (Red Hat Enterprise Linux 7) - Affected
Package: kernel-rt (Red Hat Enterprise Linux 7) - Affected
Package: kernel (Red Hat Enterprise Linux 8) - Affected
Package: kernel-rt (Red Hat Enterprise Linux 8) - Affected
Package: kernel (Red Hat Enterprise Linux 9) - Affected
Packag
Red Hat (vendor_redhat) · 2026-04-13 · CVSS 5.5
CVE-2026-40310 [MEDIUM] CWE-1285: ImageMagick: Magick.NET: ImageMagick: Denial of service via heap out-of-bounds write in JP2 encoder
A flaw was found in ImageMagick. This vulnerability, a heap out-of-bounds write, occurs within the JPEG 2000 (JP2) encoder when processing an image with an invalid sampling index. A remote attacker could exploit this by providing a specially crafted image, which may lead to a denial of service (DoS) by causing the application to crash or become unstable.
Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Package: ImageMagick (Red Hat Enterprise Linux 6) - Out of support scope
Package: ImageMagick
Red Hat (vendor_redhat) · 2026-04-01 · CVSS 7.8
CVE-2026-23407 [HIGH] CWE-1285: kernel: apparmor: fix missing bounds check on DEFAULT table in verify_dfa()
In the Linux kernel, the following vulnerability has been resolved:
apparmor: fix missing bounds check on DEFAULT table in verify_dfa()
The verify_dfa() function only checks DEFAULT_TABLE bounds when the state is not differentially encoded.
When the verification loop traverses the differential encoding chain, it reads k = DEFAULT_TABLE[j] and uses k as an array index without validation. A malformed DFA with DEFAULT_TABLE[j] >= state_count, therefore, causes both out-of-bounds reads and writes.
```
[ 57.179855] ==================================================================
[ 57.180549] BUG: KASAN: slab-out-of-bounds in verify_dfa+0x59a/0x660
[ 57.180904] Read of size 4 at addr ffff888100eadec4 by task su/993
[ 57.1
```
Red Hat (vendor_redhat) · 2026-03-25 · CVSS 5.5
CVE-2026-23386 [MEDIUM] CWE-1285: kernel: gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL
In the Linux kernel, the following vulnerability has been resolved:
gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL
In DQ-QPL mode, gve_tx_clean_pending_packets() incorrectly uses the RDA buffer cleanup path. It iterates num_bufs times and attempts to unmap entries in the dma array.
This leads to two issues:
1. The dma array shares storage with tx_qpl_buf_ids (union). Interpreting buffer IDs as DMA addresses results in attempting to unmap incorrect memory locations.
2. num_bufs in QPL mode (counting 2K chunks) can significantly exceed the size of the dma array, causing out-of-bounds access warnings (trace below is how we noticed this issue).
UBSAN: array-index-out-of-bounds in drive
Red Hat (vendor_redhat) · 2026-03-25 · CVSS 5.3
CVE-2026-33809 [MEDIUM] CWE-1285: golang: golang.org/x/image/tiff: golang.org/x/image/tiff: Denial of Service via maliciously crafted TIFF file
A maliciously crafted TIFF file can cause image decoding to attempt to allocate up to 4GiB of memory, causing either excessive resource consumption or an out-of-memory error.
A flaw was found in golang.org/x/image/tiff. A remote attacker could exploit this vulnerability by providing a maliciously crafted Tagged Image File Format (TIFF) file. This could cause the image decoding process to attempt to allocate up to 4 gigabytes (GiB) of memory. The excessive resource consumption or an out-of-memory error would lead to a Denial of Service (DoS) condition.
Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Sec
Red Hat (vendor_redhat) · 2026-03-20 · CVSS 8.2
CVE-2026-33013 [HIGH] CWE-1285: micronaut-core: Micronaut Framework: Micronaut Framework: Denial of Service via crafted form parameters
Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily testable JVM applications. Versions prior to both 4.10.16 and 3.10.5 do not correctly handle descending array index order during form-urlencoded body binding in `JsonBeanPropertyBinder::expandArrayToThreshold`, which allows remote attackers to cause a DoS (non-terminating loop, CPU exhaustion, and OutOfMemoryError) via crafted indexed form parameters (e.g., `authors[1].name` followed by `authors[0].name`). This issue has been fixed in versions 4.10.16 and 3.10.5.
A flaw was found in Micronaut Framework, specifically within the micronaut-core component. This vulnerability allows a remote atta
Red Hat (vendor_redhat) · 2026-02-12 · CVSS 8.8
CVE-2026-2006 [HIGH] CWE-1285: postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code
Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database.
Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat P
Red Hat (vendor_redhat) · 2026-02-03 · CVSS 7.5
CVE-2026-1285 [HIGH] CWE-770: Django: Django: Denial of Service via crafted HTML inputs
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.
`django.utils.text.Truncator.chars()` and `Truncator.words()` methods (with `html=True`) and the `truncatechars_html` and `truncatewords_html` template filters allow a remote attacker to cause a potential denial-of-service via crafted inputs containing a large number of unmatched HTML end tags.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Seokchan Yoon for reporting this issue.
A flaw was found in Django. A remote attacker can exploit this vulnerability by providing crafted inputs containing a large number of unmatched HTML end tags to the `django.uti
Ubuntu (vendor_ubuntu) · 2026-02-03 · CVSS 5.3
CVE-2026-1312 [MEDIUM]: Django vulnerabilities
Summary: Several security issues were fixed in Django.
It was discovered that Django exposed timing information when checking passwords. An attacker could possibly use this issue to obtain sensitive information. (CVE-2025-13473)
Jiyong Yang discovered that Django incorrectly handled malformed requests with duplicate headers. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 25.10. (CVE-2025-14550)
Tarek Nakkouch discovered that Django incorrectly parsed raster lookups. An attacker could possibly use this issue to perform SQL injection attacks. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 25.10. (CVE-20
Red Hat (vendor_redhat) · 2026-02-02 · CVSS 8.7
CVE-2026-24133 [HIGH] CWE-1285: jsPDF: jsPDF: Denial of Service due to excessive memory allocation from crafted BMP images
jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of the first argument of the addImage method results in denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful BMP file that results in out of memory errors and denial of service. Harmful BMP files have large width and/or height entries in their headers, which lead to excessive memory allocation. The html method is also affected. The vulnerability has been fixed in jspdf@4.1.0.
A flaw was found in jsPDF. A remote attacker can exploit this vulnerability by providing specially crafted BMP image data or URLs to the addImage or html methods. Th
Debian (vendor_debian) · 2026 · CVSS 7.5
CVE-2026-1285 [HIGH]: CVE-2026-1285: python-django - An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4...
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. `django.utils.text.Truncator.chars()` and `Truncator.words()` methods (with `html=True`) and the `truncatechars_html` and `truncatewords_html` template filters allow a remote attacker to cause a potential denial-of-service via crafted inputs containing a large number of unmatched HTML end tags. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Seokchan Yoon for reporting this issue.
Scope: local
bookworm: resolved (fixed in 3:3.2.25-0+deb12u2)
bullseye: resolved (fixed in 2:2.2.28-1~deb11u12)
forky: resolved (fixed in 3:4.2.28-1)
sid: resolved (fixed in 3:4.2.28-1)
trixie: resolved (fixed in 3:4.2.28-0+deb13u1)
No detection rules found.
No public exploits indexed.
Checkpoint
8th March – Threat Intelligence Report
blogs_checkpoint·2021-03-08
CVE-2021-1285 8th March – Threat Intelligence Report
## 8th March – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 8th March, please download our Threat Intelligence Bulletin.
Top Attacks and Breaches
SITA, a communications and IT vendor for 90 percent of the world’s airlines, has been breached in a massive supply-chain attack, compromising frequent-flyer data across many carriers such as United, Singapore Airlines, Lufthansa, and more.
Spirit Airlines has suffered a data breach by “Nefilim” ransomware. A first batch of cus
Wiz
CVE-2025-14550 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2025-14550 [HIGH] CVE-2025-14550 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-14550: Django vulnerability analysis and mitigation
ASGIRequest
Source : NVD
Score 7.5
Published February 3, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
Django
Chainguard
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 18.5
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
authentik
authentik-fips
Sources
NVD
Alpine 3.23 Severity HIGH Has Fix Added at: Feb 10, 2026
Alpine edge Severity HIGH Has Fix Added at: Feb 08, 2026
Chainguard Has Fix Added at: Feb 08, 2026
Debian 11 Severity HIGH No Fix Added at: Feb 04, 2026
Debian 12, 13, 14 Severity HIGH Has Fix Added at: Feb 04, 2026
Echo Severity HIGH Has Fix Added at: Feb 04, 2026
p
Wiz
CVE-2026-1207 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.4
CVE-2026-1207 [MEDIUM] CVE-2026-1207 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-1207: Django vulnerability analysis and mitigation
RasterField
Source : NVD
Score 5.4
Published February 3, 2026
Severity MEDIUM
CNA Score 5.4
Affected Technologies
Django
Chainguard
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 88.2
Exploitation Probability (EPSS) 3.8
Affected packages and libraries
py3-django
python3-django-bash-completion
Sources
NVD
Alpine 3.23 Severity MEDIUM Has Fix Added at: Feb 10, 2026
Alpine edge Severity MEDIUM Has Fix Added at: Feb 08, 2026
Chainguard Has Fix Added at: Feb 08, 2026
Debian 11, 12, 13, 14 Severity MEDIUM Has Fix Added at: Feb 04, 2026
Echo Severity MEDIUM Has Fix Added at: Feb 04, 2026
pip Severity HIGH Has Fix
Wiz
CVE-2025-13473 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
CVE-2025-13473 [MEDIUM] CVE-2025-13473 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-13473: Django vulnerability analysis and mitigation
django.contrib.auth.handlers.modwsgi.check_password()
mod_wsgi
Source : NVD
Score 5.3
Published February 3, 2026
Severity MEDIUM
CNA Score 5.3
Affected Technologies
Django
Chainguard
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 8.7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
authentik
authentik-fips
Sources
NVD
Alpine 3.23 Severity MEDIUM Has Fix Added at: Feb 10, 2026
Alpine edge Severity MEDIUM Has Fix Added at: Feb 08, 2026
Chainguard Has Fix Added at: Feb 08, 2026
Debian 11, 12, 13, 14 Severity MEDIUM Has Fix Added at: Feb 04, 2026
Echo Severity MEDIUM Has Fix Added at: Feb 0
Wiz
CVE-2026-1285 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2026-1285 [HIGH] CVE-2026-1285 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-1285: Django vulnerability analysis and mitigation
django.utils.text.Truncator.chars()
Truncator.words()
html=True
truncatechars_html
truncatewords_html
Source : NVD
Score 7.5
Published February 3, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
Django
Chainguard
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 20
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
awx
python3-django-bash-completion
Sources
NVD
Alpine 3.23 Severity HIGH Has Fix Added at: Feb 10, 2026
Alpine edge Severity HIGH Has Fix Added at: Feb 08, 2026
Chainguard Has Fix Added at: Feb 08, 2026
Debian 11, 12, 13, 14 Severity HIGH Has Fix Added at: Feb 04, 2026
Ec
Wiz
CVE-2026-1287 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2026-1287 [HIGH] CVE-2026-1287 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-1287: Django vulnerability analysis and mitigation
FilteredRelation
**kwargs
QuerySet
annotate()
aggregate()
extra()
values()
values_list()
alias()
Source : NVD
Score 5.4
Published February 3, 2026
Severity MEDIUM
CNA Score 5.4
Affected Technologies
Django
Chainguard
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 1.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
label-studio
django
Sources
NVD
Alpine 3.23 Severity MEDIUM Has Fix Added at: Feb 10, 2026
Alpine edge Severity MEDIUM Has Fix Added at: Feb 08, 2026
Chainguard Has Fix Added at: Feb 08, 2026
Debian 11, 12, 13, 14 Severity MEDIUM Has Fix Added at: Feb 04, 2026
Echo Seve
Wiz
CVE-2026-25673 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2026-25673 [HIGH] CVE-2026-25673 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-25673: Django vulnerability analysis and mitigation
URLField.to_python()
urllib.parse.urlsplit()
Source : NVD
Score 7.5
Published March 3, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
Django
Chainguard
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 45.7
Exploitation Probability (EPSS) 0.2
Affected packages and libraries
authentik-fips
awx
Sources
NVD
Alpine 3.23 Severity HIGH Has Fix Added at: Mar 08, 2026
Chainguard Has Fix Added at: Mar 08, 2026
pip Severity HIGH Has Fix Added at: Mar 05, 2026
MinimOS Severity HIGH Has Fix Added at: Mar 08, 2026
Wiz
CVE-2026-25674 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2026-25674 [HIGH] CVE-2026-25674 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-25674: Django vulnerability analysis and mitigation
umask
Source : NVD
Score 3.7
Published March 3, 2026
Severity LOW
CNA Score 3.7
Affected Technologies
Django
Chainguard
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 1.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
py3-django
django
Sources
NVD
Alpine 3.23 Severity LOW Has Fix Added at: Mar 08, 2026
Chainguard Has Fix Added at: Mar 08, 2026
Debian 11, 12, 13 Severity MEDIUM No Fix Added at: Mar 03, 2026
Debian 14 Severity LOW Has Fix Added at: Mar 03, 2026
Echo Severity LOW No Fix Added at: Mar 03, 2026
pip Severity LOW Has Fix Added at: Mar 05, 2026
MinimOS Severity LOW Has Fix A
Wiz
CVE-2026-1312 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
CVE-2026-1312 [HIGH] CVE-2026-1312 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-1312: Django vulnerability analysis and mitigation
.QuerySet.order_by()
FilteredRelation
Source : NVD
Score 5.4
Published February 3, 2026
Severity MEDIUM
CNA Score 5.4
Affected Technologies
Django
Chainguard
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 1.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
python3-django
python3-django-doc
Sources
NVD
Alpine 3.23 Severity MEDIUM Has Fix Added at: Feb 10, 2026
Alpine edge Severity MEDIUM Has Fix Added at: Feb 08, 2026
Chainguard Has Fix Added at: Feb 08, 2026
Debian 11, 12, 13, 14 Severity MEDIUM Has Fix Added at: Feb 04, 2026
Echo Severity MEDIUM Has Fix Added at: Feb 04, 2026
pip Seve
Bugzilla
CVE-2026-1285 python-django3: Django: Denial of Service via crafted HTML inputs [epel-8]
bugzilla·2026-02-04·CVSS 7.5
CVE-2026-1285 [HIGH] CVE-2026-1285 python-django3: Django: Denial of Service via crafted HTML inputs [epel-8]
CVE-2026-1285 python-django3: Django: Denial of Service via crafted HTML inputs [epel-8]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Discussion:
Package `python-django3` is retired on the `epel8` dist-git branch (the `dead.package` marker is present); closing as CANTFIX since there's no live package to update.
Published 2026-02-03