Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Lifecycle Timeline
4Blast Radius
ecosystem impact- 16 pypi packages depend on django (16 direct, 0 indirect)
Ecosystem-wide dependent count for version 6.0.
DescriptionCVE.org
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGIRequest allows a remote attacker to spoof headers by exploiting an ambiguous mapping of two header variants (with hyphens or with underscores) to a single version with underscores. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Tarek Nakkouch for reporting this issue.
AnalysisAI
Header spoofing in Django 4.2 through 6.0 allows remote attackers to bypass security controls by exploiting ambiguous ASGI header normalization. The ASGIRequest handler incorrectly maps both hyphenated and underscored header variants to the same underscored version, enabling attackers to send conflicting headers where the malicious version overwrites legitimate security headers. Affects Django 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. No public exploit identified at time of analysis. EPSS data not available, but the unauthenticated network attack vector and high integrity impact warrant immediate patching.
Technical ContextAI
This vulnerability resides in Django's ASGI (Asynchronous Server Gateway Interface) request handling implementation. ASGI is Django's interface specification for asynchronous web servers and applications, the successor to WSGI. The flaw stems from improper HTTP header normalization where ASGIRequest converts both hyphenated header names (HTTP standard format like X-Forwarded-For) and underscored variants (X_Forwarded_For) to the same underscored Python dictionary key. This ambiguous mapping creates CWE-290 (Authentication Bypass by Spoofing) conditions because attackers can send duplicate headers with different naming conventions, causing the framework to process them inconsistently. Security-critical headers like X-Forwarded-Host, X-Forwarded-Proto, or authentication tokens become vulnerable to replacement attacks where malicious underscored versions override legitimate hyphenated versions or vice versa, depending on processing order. This affects all ASGI deployment configurations of Django, particularly those behind reverse proxies that rely on forwarded headers for authentication decisions, IP allowlisting, or protocol enforcement.
RemediationAI
Immediately upgrade to patched Django versions: 6.0.4 for the 6.0 series, 5.2.13 for the 5.2 series, or 4.2.30 for the 4.2 long-term support branch. These versions contain fixes for the ASGIRequest header normalization vulnerability. Users of unsupported Django versions (5.0.x, 4.1.x, 3.2.x and earlier) should prioritize migration to a supported LTS release (currently 4.2.30 or newer) as no security patches will be issued for end-of-life branches. In environments where immediate patching is not feasible, implement defense-in-depth controls including strict validation of forwarded headers at the reverse proxy layer, use of allowlists for acceptable header values, and avoid trusting client-controllable headers for authentication or authorization decisions. Review application code for dependencies on X-Forwarded-* headers and similar proxy-forwarded values. Complete remediation guidance and release notes are available at https://docs.djangoproject.com/en/dev/releases/security/ and https://www.djangoproject.com/weblog/2026/apr/07/security-releases/.
Wazuh SIEM platform versions 4.4.0 through 4.9.0 contain an unsafe deserialization vulnerability in the DistributedAPI t
BentoML version 1.4.2 and earlier contains an unauthenticated remote code execution vulnerability through insecure deser
pgAdmin 4 contains critical remote code execution vulnerabilities in the Query Tool download and Cloud Deployment endpoi
The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Rated critica
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCiph
pyLoad download manager version prior to 0.5.0b3.dev77 exposes the Flask SECRET_KEY through an unauthenticated endpoint.
In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and conse
Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/
pyLoad is the free and open-source Download Manager written in pure Python. Rated medium severity (CVSS 5.3), this vulne
Langflow (a visual LLM pipeline builder) contains a critical unauthenticated code execution vulnerability (CVE-2026-3301
Cross-user flow execution in Langflow (< 1.9.1) lets any authenticated API-key holder run another user's flow by passing
Same weakness CWE-290 – Authentication Bypass by Spoofing
View allSame technique Authentication Bypass
View allVendor StatusVendor
SUSE
Severity: High| Product | Status |
|---|---|
| openSUSE Tumbleweed | Fixed |
| SUSE Linux Enterprise Module for Package Hub 15 SP7 | Fixed |
| openSUSE Leap 15.6 | Fixed |
| SUSE Linux Enterprise Module for Package Hub 15 SP6 | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-19686
GHSA-mvfq-ggxm-9mc5