django-s3file CVE-2026-42196
CRITICALSeverity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionGitHub Advisory
Impact
S3FileMiddleware is vulnerable to relative path traversal attacks, where an attacker can use a modified request to escape pre-signed upload locations and have the Django application load files from random locations into request.FILES
Depending on how files are handled, this may lead to confidentiality and integrity issues.
Patches
Django-S3File urges all users to update to a patched version >=7.0.2.
AnalysisAI
Path traversal in django-s3file's S3FileMiddleware allows attackers to manipulate HTTP requests and force Django applications to load arbitrary files from unintended S3 locations into request.FILES, bypassing pre-signed upload location restrictions. Affects all versions <=7.0.1. Vendor-confirmed vulnerability with patch released in version 7.0.2. No active exploitation confirmed (not in CISA KEV). CVSS metrics not available, but path traversal combined with file handling operations presents moderate confidentiality and integrity risk depending on application-specific file processing logic.
Technical ContextAI
Django-s3file is a Python middleware library that facilitates direct S3 uploads in Django applications by handling pre-signed S3 URLs and populating request.FILES with uploaded content. The vulnerability resides in S3FileMiddleware's input validation logic, specifically CWE-23 (Relative Path Traversal). The middleware fails to properly sanitize or canonicalize file path parameters in HTTP requests before retrieving files from S3. Attackers can inject relative path sequences (likely '../' traversal patterns) to escape the intended pre-signed upload directory scope and reference arbitrary S3 objects within the bucket or accessible storage. This allows unauthorized file access outside the application's expected upload boundaries, violating the security contract of pre-signed URLs which should restrict uploads to specific object keys.
RemediationAI
Immediately upgrade django-s3file to version 7.0.2 or later using pip install --upgrade django-s3file==7.0.2 or updating requirements.txt and redeploying. Vendor advisory confirms version 7.0.2 contains the fix for path validation in S3FileMiddleware (https://github.com/codingjoe/django-s3file/security/advisories/GHSA-67qg-7284-2277). If immediate upgrade is not feasible, implement compensating controls: (1) add custom middleware before S3FileMiddleware to validate and sanitize file path parameters, rejecting requests containing '../', encoded traversal sequences, or paths resolving outside expected prefixes; (2) restrict S3 bucket IAM policies to enforce least-privilege access scoping uploaded objects to specific prefixes, limiting traversal impact; (3) implement additional application-layer validation on request.FILES to verify file origins match expected S3 keys before processing. Note that workarounds do not eliminate the vulnerability and may interfere with legitimate file upload workflows; upgrading remains the definitive remediation.
Wazuh SIEM platform versions 4.4.0 through 4.9.0 contain an unsafe deserialization vulnerability in the DistributedAPI t
BentoML version 1.4.2 and earlier contains an unauthenticated remote code execution vulnerability through insecure deser
pgAdmin 4 contains critical remote code execution vulnerabilities in the Query Tool download and Cloud Deployment endpoi
The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Rated critica
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCiph
pyLoad download manager version prior to 0.5.0b3.dev77 exposes the Flask SECRET_KEY through an unauthenticated endpoint.
In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and conse
Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/
pyLoad is the free and open-source Download Manager written in pure Python. Rated medium severity (CVSS 5.3), this vulne
Langflow (a visual LLM pipeline builder) contains a critical unauthenticated code execution vulnerability (CVE-2026-3301
Cross-user flow execution in Langflow (< 1.9.1) lets any authenticated API-key holder run another user's flow by passing
Same weakness CWE-23 – Relative Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
GHSA-67qg-7284-2277