Django ASGI Request File Upload Limit Bypass Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in Django versions 6.0 prior to 6.0.5 and 5.2 prior to 5.2.14. The issue arises in ASGI requests that have a missing or understated 'Content-Length' header, allowing them to bypass the 'FILE_UPLOAD_MAX_MEMORY_SIZE' limit. This could result in large files being loaded into memory, causing degradation of service. Additionally, earlier unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) may also be affected.

Impact

Exploitation of this vulnerability can lead to increased memory usage, causing potential degradation of service.

Remediation

Users can upgrade to Django 6.0.5 or 5.2.14 to address this vulnerability.
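As a defense-in-depth illustration of the condition described above, the following added example (not part of the original advisory and not Django's own fix) wraps an ASGI application and caps the bytes actually received, without consulting 'Content-Length'. The names BodySizeLimitMiddleware, BodyTooLarge, buffering_app and status_for are hypothetical, the requests are constructed, and the sketch assumes the wrapped app reads the body before it starts a response.

```python
import asyncio

class BodyTooLarge(Exception): pass

class BodySizeLimitMiddleware:
    """Caps bytes actually received over ASGI; Content-Length is never consulted."""
    def __init__(self, app, max_body_bytes):
        self.app, self.max_body_bytes = app, max_body_bytes

    async def __call__(self, scope, receive, send):
        if scope["type"] != "http":
            return await self.app(scope, receive, send)
        received, started = 0, False
        async def counting_receive():
            nonlocal received
            message = await receive()
            received += len(message.get("body", b""))  # http.disconnect has no body: adds 0
            if received > self.max_body_bytes:
                raise BodyTooLarge
            return message

        async def tracking_send(message):
            nonlocal started
            started = started or message["type"] == "http.response.start"
            await send(message)

        try:
            await self.app(scope, counting_receive, tracking_send)
        except BodyTooLarge:
            if not started:  # only answer 413 if no response has begun
                await send({"type": "http.response.start", "status": 413, "headers": []})
                await send({"type": "http.response.body", "body": b"Payload Too Large"})

async def buffering_app(scope, receive, send):  # constructed stand-in for the wrapped app
    body, msg = b"", {"more_body": True}
    while msg.get("more_body"):
        msg = await receive()
        body += msg.get("body", b"")
    await send({"type": "http.response.start", "status": 200, "headers": []})
    await send({"type": "http.response.body", "body": str(len(body)).encode()})

def status_for(chunks, limit, content_length=None):  # drives one constructed request
    headers = [] if content_length is None else [(b"content-length", str(content_length).encode())]
    queue = [{"type": "http.request", "body": c, "more_body": i < len(chunks) - 1} for i, c in enumerate(chunks)]
    sent, scope = [], {"type": "http", "method": "POST", "headers": headers}
    async def receive(): return queue.pop(0)
    async def send(message): sent.append(message)
    asyncio.run(BodySizeLimitMiddleware(buffering_app, limit)(scope, receive, send))
    return sent[0]["status"]
```

In a Django project the wrapper would go around the object returned by get_asgi_application() in asgi.py; a body-size limit at the reverse proxy or ASGI server covers the same condition before the request reaches Python.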

Added: May 5, 2026, 4:39 PM
Updated: May 5, 2026, 4:39 PM

Vulnerability Rating

Custom Algorithm

spread: 7.6
impact: 2.5
exploitability: 6.4
remediation: 7.7
relevance: 7.5
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.