Django Cache Middleware Response Caching Vulnerability

Vulnerability

A vulnerability exists in Django's cache middleware that can lead to the improper caching of responses marked as private. This issue is present in Django versions 5.2 prior to 5.2.15 and 6.0 prior to 6.0.6. The problem arises because the `UpdateCacheMiddleware` does not handle `Cache-Control` response directives in a case-insensitive manner. As a result, remote attackers may be able to read responses that were incorrectly cached due to uppercase or mixed-case `Cache-Control` values. While this vulnerability has been identified in the current Django series, earlier unsupported versions may also be affected.
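
The comparison below is an added illustration, not Django's own middleware code. It contrasts a case-sensitive test for the `private` directive (the defect class the advisory describes) with a case-insensitive parser that treats directive names per RFC 9111, where they are case-insensitive; the header values and the `no-store` check, which the advisory does not mention, are constructed for the example.

```python
import re
from typing import Dict, Optional

# Split on commas outside quoted strings, so private="Set-Cookie, Foo" stays one token.
_CC_DELIM_RE = re.compile(r',\s*(?=(?:[^"]*"[^"]*")*[^"]*$)')


def parse_cache_control(header: Optional[str]) -> Dict[str, Optional[str]]:
    """Parse a Cache-Control header into {directive: value}.

    Directive names are lowercased, so 'Private', 'PRIVATE' and 'private'
    all map to the same key. Values keep their case (they may be header names).
    """
    directives: Dict[str, Optional[str]] = {}
    if not header:
        return directives
    for token in _CC_DELIM_RE.split(header):
        token = token.strip()
        if not token:
            continue
        name, _, value = token.partition("=")
        directives[name.strip().lower()] = value.strip().strip('"') if value else None
    return directives


def cacheable_case_sensitive(header: Optional[str]) -> bool:
    """Defective pattern: exact-string comparison. 'Private' is not 'private',
    so a response marked Private would be stored in the shared cache."""
    tokens = [t.strip() for t in (header or "").split(",")]
    return "private" not in tokens


def cacheable_case_insensitive(header: Optional[str]) -> bool:
    """Hardened check: normalise directive names before deciding."""
    directives = parse_cache_control(header)
    return "private" not in directives and "no-store" not in directives


# Constructed sample header values; none come from a real application.
SAMPLE_HEADERS = [
    "private, max-age=60",
    "Private, max-age=60",
    'PRIVATE="Set-Cookie", Max-Age=60',
    "public, max-age=600",
]


def compare(headers=SAMPLE_HEADERS):
    """Return (header, case_sensitive_verdict, case_insensitive_verdict) per header."""
    return [(h, cacheable_case_sensitive(h), cacheable_case_insensitive(h)) for h in headers]
```

Running `compare()` shows the two checks disagreeing only on the mixed- and upper-case `Private` headers, which is exactly the gap an attacker-observable cached response would fall through.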

Impact

Exploitation of this vulnerability could result in the unintended exposure of private data through incorrectly cached responses.

Remediation

Users can upgrade to Django versions 5.2.15 or 6.0.6 to address this vulnerability.

Added: Jun 3, 2026, 2:30 PM
Updated: Jun 3, 2026, 2:30 PM

Vulnerability Rating

Custom Algorithm

spread: 7.6
impact: 0.6
exploitability: 6.8
remediation: 7.7
relevance: 9.9
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.