Django UpdateCacheMiddleware Vary Header Handling Vulnerability

Vulnerability

A vulnerability exists in Django's UpdateCacheMiddleware in versions 6.0 prior to 6.0.5 and 5.2 prior to 5.2.14. The middleware incorrectly caches responses whose Vary header contains an asterisk (Vary: *), a value that signals the response varies on aspects a cache cannot key on, so the cache can store private data and serve it to other users. This issue has been evaluated in supported Django versions; earlier, unsupported series may also be affected.

Impact

Exploitation of this vulnerability could result in the unintended caching of private data, which could then be served to users who should not receive it.
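As an added illustration of the caching decision described in the two sections above (this is a constructed Python model, not Django's own middleware code), the following shows why a response carrying Vary: * must never be stored: with the defective rule one user's page is stored and handed to a second user, with the corrected rule it is never stored. All function names, the in-memory store and the sample request data are constructed for this page.

```python
# Constructed model of an "update cache" middleware decision; not Django code.
from typing import Optional


def parse_vary(headers: dict) -> Optional[list]:
    """Return the Vary field names lower-cased, or None if the header is absent."""
    value = headers.get("Vary")
    if value is None:
        return None
    return [v.strip().lower() for v in value.split(",") if v.strip()]


def should_cache_response(headers: dict, status: int = 200, fixed: bool = True) -> bool:
    """Decide whether a response may be stored in a shared cache.

    fixed=False reproduces the defect: a "Vary: *" response is stored like any other.
    fixed=True applies the correct rule: "Vary: *" can never be keyed, so do not store.
    """
    if status != 200:
        return False
    cc = headers.get("Cache-Control", "").lower()
    if "private" in cc or "no-store" in cc:
        return False
    vary = parse_vary(headers)
    if fixed and vary is not None and "*" in vary:
        return False
    return True


def cache_key(path: str, request_headers: dict, vary: Optional[list]) -> str:
    """Build a cache key from the path plus the request headers named by Vary."""
    parts = [path]
    for name in sorted(vary or []):
        # "*" is not a real header, so every request collapses onto the same key
        parts.append(f"{name}={request_headers.get(name.title(), '')}")
    return "|".join(parts)


def simulate(fixed: bool) -> dict:
    """User A fetches /account (response says Vary: *), then user B fetches it."""
    store = {}  # constructed stand-in for the shared cache backend
    resp_headers = {"Vary": "*", "Content-Type": "text/html"}
    if should_cache_response(resp_headers, fixed=fixed):
        key_a = cache_key("/account", {"Cookie": "sid=A"}, parse_vary(resp_headers))
        store[key_a] = "A's private page"
    key_b = cache_key("/account", {"Cookie": "sid=B"}, parse_vary(resp_headers))
    return {"stored": len(store), "served_to_b": store.get(key_b)}
```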

Remediation

Users should upgrade to Django 6.0.5 or 5.2.14 to address this vulnerability.

Added: May 5, 2026, 4:36 PM
Updated: May 5, 2026, 4:36 PM

Vulnerability Rating

Custom Algorithm

spread: 7.6
impact: 2.5
exploitability: 7.6
remediation: 7.7
relevance: 7.5
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.