CVE-2026-48587
Status: Analyzed - Analysis Complete
Header Injection Bypass in Django Web Framework

Publication date: 2026-06-03

Last updated on: 2026-06-05

Assigner: Django Software Foundation

Description
An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. `django.utils.cache.has_vary_header()` in Django does not strip leading or trailing whitespace from `Vary` response header values before comparison, which allows remote attackers to read cached responses via requests to URLs whose responses contain whitespace-padded Vary header values. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Navid Rezazadeh for reporting this issue.
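The comparison flaw described above, modelled as an added example: this is illustrative code written for this page, not Django's implementation of has_vary_header() and not taken from the CVE record. It assumes that Vary members are split on commas with optional surrounding whitespace (the `_DELIM` regex), that a cache layer consults the check to decide whether a response varies on Cookie before sharing it (`safe_to_share`), and that the two sample header sets are constructed.

```python
"""Whitespace-sensitive Vary membership check, flawed and corrected.

Illustrative model written for this page; it is not Django's
implementation of has_vary_header(). Assumptions: Vary members are split
on commas with optional surrounding whitespace, and a cache layer asks
this check whether a response varies on Cookie before sharing it.
"""
import re

# Assumed member delimiter: a comma with optional surrounding whitespace.
_DELIM = re.compile(r"\s*,\s*")


def has_vary_header_unstripped(headers: dict, name: str) -> bool:
    """Flawed check: members are lowercased but never stripped, so a value
    with leading or trailing whitespace (' Cookie') does not match 'cookie'."""
    vary = headers.get("Vary")
    if vary is None:
        return False
    members = {m.lower() for m in _DELIM.split(vary)}
    return name.lower() in members


def has_vary_header_stripped(headers: dict, name: str) -> bool:
    """Corrected check: each member is stripped before comparison; empty
    members left by a trailing comma are ignored."""
    vary = headers.get("Vary")
    if vary is None:
        return False
    members = {m.strip().lower() for m in _DELIM.split(vary)}
    members.discard("")
    return name.lower() in members


def safe_to_share(headers: dict, check) -> bool:
    """Model of the cache decision: a response that varies on Cookie is
    user-specific and must not be stored in a shared cache. Returns True
    when the cache would store it."""
    return not check(headers, "Cookie")


if __name__ == "__main__":
    # Constructed samples; the padded one is the shape the CVE describes.
    samples = {
        "clean": {"Vary": "Cookie, Accept-Language"},
        "padded": {"Vary": " Cookie , Accept-Language "},
    }
    for label, hdrs in samples.items():
        print(f"{label:7}",
              "unstripped:", safe_to_share(hdrs, has_vary_header_unstripped),
              "stripped:", safe_to_share(hdrs, has_vary_header_stripped))
```

With the flawed check, the padded response is judged not to vary on Cookie and is therefore treated as shareable; with the stripped check both samples are correctly recognised as user-specific and kept out of the shared cache.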
Meta Information
Published: 2026-06-03
Last Modified: 2026-06-05
Generated: 2026-06-24
AI Q&A: 2026-06-03
EPSS Evaluated: 2026-06-22
Affected Vendors & Products
Showing 2 associated CPEs

Vendor         Product   Version / Range
djangoproject  django    From 5.2 (inc) to 5.2.15 (exc)
djangoproject  django    From 6.0 (inc) to 6.0.6 (exc)
CWE
CWE-1023: The product performs a comparison between entities that must consider multiple factors or characteristics of each entity, but the comparison does not include one or more of these factors.
Executive Summary

This vulnerability exists in Django versions 5.2 before 5.2.15 and 6.0 before 6.0.6. The issue is that the function django.utils.cache.has_vary_header() does not remove leading or trailing whitespace from the Vary response header values before comparing them.

Because of this, remote attackers can exploit the whitespace-padded Vary header values to read cached responses that they should not normally have access to.

Earlier unsupported Django versions such as 5.0.x, 4.1.x, and 3.2.x may also be affected.

Impact Analysis

This vulnerability allows remote attackers to read cached responses by exploiting the improper handling of whitespace in Vary header values.

As a result, sensitive or private cached data might be exposed to unauthorized users, potentially leading to information disclosure.

Mitigation Strategies

To mitigate this vulnerability, you should upgrade Django to a fixed version. Specifically, update to Django 5.2.15 or later if you are using the 5.2 series, or to Django 6.0.6 or later if you are using the 6.0 series.

Earlier unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x may also be affected, so consider upgrading to a supported and patched version.

Compliance Impact

The provided context and resources do not contain information regarding the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Detection Guidance

This vulnerability involves the improper handling of whitespace in the Vary response header in Django 5.2 before 5.2.15 and 6.0 before 6.0.6, which allows remote attackers to read cached responses. To detect this vulnerability on your network or system, inspect HTTP response headers for Vary headers whose values carry leading or trailing whitespace.

One approach is to capture HTTP responses from your Django application and check the Vary header values for unexpected whitespace. This can be done using command-line tools like curl combined with grep or awk.

  • Use curl to fetch a URL and display the Vary header: curl -I http://your-django-app/path | grep -i Vary
  • Check if the Vary header value contains leading or trailing whitespace by piping the output to a command that highlights whitespace, for example: curl -I http://your-django-app/path | grep -i Vary | cat -A
  • Alternatively, use a network traffic capture tool like tcpdump or Wireshark to capture HTTP responses and analyze the Vary headers for whitespace padding.

If you find Vary headers with leading or trailing whitespace, and your Django version is affected, this indicates the presence of the vulnerability.
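The inspection described in the steps above, carried out over captured response text rather than by eye: this is an added example for this page, not code from the CVE record or from Django. It expects raw response text in the form `curl -sI URL` prints (or `curl -sD headers.txt -o /dev/null URL` saves), and the two sample responses it contains are constructed; the URL labels in the usage call are placeholders.

```python
"""Scan captured HTTP responses for whitespace-padded Vary headers.

Added example for this page, not from the CVE record or Django. Input is
raw response text as printed by `curl -sI URL` or saved with
`curl -sD headers.txt -o /dev/null URL`; the sample responses below are
constructed for the demonstration.
"""
import re
from typing import Dict, List, Tuple

# Constructed samples. The first carries the padding the CVE describes
# (two spaces after the colon and a trailing space); the second is clean.
SAMPLE_PADDED = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Vary:  Cookie, Accept-Language \r\n"
    "Set-Cookie: sessionid=CONSTRUCTED; Path=/; HttpOnly\r\n"
    "\r\n"
)
SAMPLE_CLEAN = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Vary: Cookie, Accept-Language\r\n"
    "\r\n"
)


def parse_head(raw: str) -> List[Tuple[str, str]]:
    """Return (lowercased name, raw value) pairs from the head of an HTTP/1.x
    response. Exactly one conventional space after the colon is dropped;
    any other whitespace is kept because it is the evidence we want."""
    head = re.split(r"\r?\n\r?\n", raw, maxsplit=1)[0]
    pairs = []
    for line in head.splitlines()[1:]:  # skip the status line
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        if value.startswith(" "):
            value = value[1:]
        pairs.append((name.strip().lower(), value))
    return pairs


def padded_vary_values(raw: str) -> List[str]:
    """Return every Vary value whose text has leading or trailing whitespace,
    rendered with repr() so the padding is visible (the role `cat -A` plays
    in the guidance above). Repeated Vary headers are each checked."""
    return [repr(v) for n, v in parse_head(raw)
            if n == "vary" and v != v.strip()]


def scan(responses: Dict[str, str]) -> Dict[str, List[str]]:
    """Map each URL (or label) to its padded Vary values; only URLs with a
    finding are reported."""
    report = {}
    for url, raw in responses.items():
        hits = padded_vary_values(raw)
        if hits:
            report[url] = hits
    return report


if __name__ == "__main__":
    # Placeholder URL labels standing in for captured responses.
    for url, hits in scan({"/account/": SAMPLE_PADDED, "/": SAMPLE_CLEAN}).items():
        print(url, "->", ", ".join(hits))
```

Note that `curl -I` sends a HEAD request, and a view may answer HEAD with different headers than GET; `curl -sD - -o /dev/null URL` captures the headers of an actual GET response and can be fed to `scan()` in the same way.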
