CVE-2026-48587
Header Injection Bypass in Django Web Framework
Publication date: 2026-06-03
Last updated on: 2026-06-03
Assigner: Django Software Foundation
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| django | django | up to 5.2.15 (exclusive) |
| django | django | up to 6.0.6 (exclusive) |
| django | django | 5.0 |
| django | django | 4.1 |
| django | django | 3.2 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1023 | The product performs a comparison between entities that must consider multiple factors or characteristics of each entity, but the comparison does not include one or more of these factors. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects Django 5.2 before 5.2.15 and 6.0 before 6.0.6. The function django.utils.cache.has_vary_header() does not strip leading or trailing whitespace from the values in the Vary response header before comparing them.
Because the comparison silently misses whitespace-padded Vary values, remote attackers can exploit them to read cached responses they should not have access to.
Earlier unsupported Django versions such as 5.0.x, 4.1.x, and 3.2.x may also be affected.
How can this vulnerability impact me?
This vulnerability allows remote attackers to read cached responses by exploiting the improper handling of whitespace in Vary header values.
As a result, sensitive or private cached data might be exposed to unauthorized users, potentially leading to information disclosure.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should upgrade Django to a fixed version. Specifically, update to Django 5.2.15 or later if you are using the 5.2 series, or to Django 6.0.6 or later if you are using the 6.0 series.
Earlier unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x may also be affected, so consider upgrading to a supported and patched version.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided context and resources do not contain information regarding the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves the improper handling of whitespace in the Vary response header in Django versions before 5.2.15 and 6.0.6, which allows remote attackers to read cached responses. To detect it on your network or system, inspect HTTP response headers for Vary values that contain leading or trailing whitespace.
One approach is to capture HTTP responses from your Django application and check the Vary header values for unexpected whitespace. This can be done with command-line tools such as curl combined with grep or awk.
- Use curl to fetch a URL and display the Vary header: `curl -I http://your-django-app/path | grep -i Vary`
- Check whether the Vary value carries leading or trailing whitespace by piping the output through a command that makes whitespace visible; `cat -A` marks the end of each line with `$`, so trailing spaces show up before it: `curl -I http://your-django-app/path | grep -i Vary | cat -A`
- Alternatively, use a network traffic capture tool such as tcpdump or Wireshark to capture HTTP responses and analyze the Vary headers for whitespace padding.
If you find Vary headers with leading or trailing whitespace, and your Django version is affected, this indicates the presence of the vulnerability.
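To make the comparison flaw explained above and the detection step concrete, here is an added Python example (not Django's source and not code from this page): a constructed stand-in for `has_vary_header()` that splits the Vary value on commas and compares case-insensitively, run once in the whitespace-preserving form and once in the hardened, stripping form, plus a small defender-side check that flags padded fields in a captured Vary value. The comma-splitting regex and the function names are assumptions made for the model.

```python
from __future__ import annotations
import re

# Constructed model of the comparison described above: the Vary value is split
# on commas (whitespace around the comma tolerated) and compared
# case-insensitively, but whitespace at the start or end of the whole value is
# NOT stripped, so " Cookie" or "Cookie " never equals "cookie". This is a
# stand-in for django.utils.cache.has_vary_header(), not Django's own source.
_DELIM = re.compile(r"\s*,\s*")


def vary_fields(vary_value: str, *, strip: bool) -> set[str]:
    """Split a Vary header value into lower-cased field names.

    strip=False reproduces the vulnerable behaviour (padding survives);
    strip=True is the hardened form (each field trimmed, empties dropped).
    """
    fields = _DELIM.split(vary_value)
    if strip:
        fields = [f.strip() for f in fields if f.strip()]
    return {f.lower() for f in fields}


def has_vary_header(vary_value: str | None, header_query: str, *, strip: bool) -> bool:
    """Model of the check: does the Vary header name `header_query`?"""
    if vary_value is None:
        return False
    return header_query.lower() in vary_fields(vary_value, strip=strip)


def padded_vary_fields(vary_value: str) -> list[str]:
    """Defender-side check for a captured Vary value (e.g. from `curl -I`):
    return the fields carrying leading/trailing whitespace, i.e. the ones the
    vulnerable comparison would silently fail to match."""
    return [f for f in _DELIM.split(vary_value) if f != f.strip()]


if __name__ == "__main__":
    # Constructed sample values as they might appear in captured responses.
    for value in ["Cookie", "Accept-Encoding, Cookie", " Cookie", "Accept-Encoding,Cookie "]:
        print(repr(value),
              "vulnerable:", has_vary_header(value, "Cookie", strip=False),
              "fixed:", has_vary_header(value, "Cookie", strip=True),
              "padded:", padded_vary_fields(value))
```

A captured value that `padded_vary_fields()` reports, combined with an affected Django version, is the condition the detection guidance above describes.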