What is the CVSS score of CVE-2026-25674?

CVE-2026-25674 has a CVSS 3.1 base score of 3.7 (Low). CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N. EPSS exploitation probability: 0.0%.

Which versions of Golang are affected by CVE-2026-25674?

CVE-2026-25674 is a low-severity vulnerability in 6.0 (CVSS 3.7). The limited severity suggests constrained impact, typically requiring specific conditions or local access for exploitation.. A patch is available.

Golang CVE-2026-25674

LOW

Race Condition (CWE-362)

2026-03-03 6a34fbeb-21d4-45e7-8e0a-62b95bc12c92

GHSA-mjgh-79qc-68w3

Golang Race Condition Django

3.7

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:05 vuln.today

Patch released

Mar 05, 2026 - 14:07 nvd

Patch available

CVE Published

Mar 03, 2026 - 15:16 nvd

LOW 3.7

Blast Radius

ecosystem impact

† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth

13 pypi packages depend on django (13 direct, 0 indirect)

Ecosystem-wide dependent count for version 6.0.

DescriptionNVD

An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. Race condition in file-system storage and file-based cache backends in Django allows an attacker to cause file system objects to be created with incorrect permissions via concurrent requests, where one thread's temporary umask change affects other threads in multi-threaded environments. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Tarek Nakkouch for reporting this issue.

AnalysisAI

An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. [CVSS 3.7 LOW]

RemediationAI

During next maintenance window: Apply vendor patches when convenient. Vendor patch is available.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-25674 vulnerability details – vuln.today

Back

Golang CVE-2026-25674

CVSS VectorNVD

Lifecycle Timeline

Blast Radius

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code