Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2026-48588

An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. `UpdateCacheMiddleware` and the `cache_page()` decorator cache responses that vary on cookies when the incoming request carries unrelated cookies, which allows remote attackers to read private data from the shared cache. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Chris Whyland for reporting this issue.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 29.6%
CVSS Severity
CVSS v3 Score 3.1
Products affected by CVE-2026-48588


Contact Us

Shodan ® - All rights reserved