Ubuntu USN · USN-8232-1

Django vulnerabilities

Published: Tue, 05 May 2026 15:30

CVE-2026-6907, CVE-2026-5766, CVE-2026-35192

Summary

Several security issues were fixed in Django.

Details

It was discovered that Django did not vary cached response headers on cookies when sessions were not modified while SESSION_SAVE_EVERY_REQUEST was enabled. A remote attacker could possibly use this issue to steal a user's session. (CVE-2026-35192)

Kyle Agronick and Jacob Walls discovered that Django incorrectly handled ASGI requests with missing or understated Content-Length header values. A remote attacker could possibly use this issue to cause Django to use excessive resources, leading to a denial of service. (CVE-2026-5766)

Ahmad Sadeddin discovered that Django UpdateCacheMiddleware incorrectly cached requests where the Vary header contained an asterisk. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-6907)

Recommended actions per Ubuntu release

StackPatch playbook auto-generated per release codename and per affected package.

Ubuntu jammy

  • python-django 2:3.2.12-2ubuntu1.27 (apt_upgrade)

    Standard apt upgrade. Install 2:3.2.12-2ubuntu1.27 from the apt repo.

    sudo apt-get update
    sudo apt-get install --only-upgrade -y python-django

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • python-django-doc 2:3.2.12-2ubuntu1.27 (apt_upgrade)

    Standard apt upgrade. Install 2:3.2.12-2ubuntu1.27 from the apt repo.

    sudo apt-get update
    sudo apt-get install --only-upgrade -y python-django-doc

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • python3-django 2:3.2.12-2ubuntu1.27 (apt_upgrade)

    Standard apt upgrade. Install 2:3.2.12-2ubuntu1.27 from the apt repo.

    sudo apt-get update
    sudo apt-get install --only-upgrade -y python3-django

    Most apt upgrades restart their service automatically. needrestart lists anything else.

Ubuntu noble

  • python-django 3:4.2.11-1ubuntu1.16 (apt_upgrade)

    Standard apt upgrade. Install 3:4.2.11-1ubuntu1.16 from the apt repo.

    sudo apt-get update
    sudo apt-get install --only-upgrade -y python-django

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • python-django-doc 3:4.2.11-1ubuntu1.16 (apt_upgrade)

    Standard apt upgrade. Install 3:4.2.11-1ubuntu1.16 from the apt repo.

    sudo apt-get update
    sudo apt-get install --only-upgrade -y python-django-doc

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • python3-django 3:4.2.11-1ubuntu1.16 (apt_upgrade)

    Standard apt upgrade. Install 3:4.2.11-1ubuntu1.16 from the apt repo.

    sudo apt-get update
    sudo apt-get install --only-upgrade -y python3-django

    Most apt upgrades restart their service automatically. needrestart lists anything else.

Ubuntu questing

  • python-django 3:5.2.4-1ubuntu2.5 (apt_upgrade)

    Standard apt upgrade. Install 3:5.2.4-1ubuntu2.5 from the apt repo.

    sudo apt-get update
    sudo apt-get install --only-upgrade -y python-django

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • python-django-doc 3:5.2.4-1ubuntu2.5 (apt_upgrade)

    Standard apt upgrade. Install 3:5.2.4-1ubuntu2.5 from the apt repo.

    sudo apt-get update
    sudo apt-get install --only-upgrade -y python-django-doc

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • python3-django 3:5.2.4-1ubuntu2.5 (apt_upgrade)

    Standard apt upgrade. Install 3:5.2.4-1ubuntu2.5 from the apt repo.

    sudo apt-get update
    sudo apt-get install --only-upgrade -y python3-django

    Most apt upgrades restart their service automatically. needrestart lists anything else.

Ubuntu resolute

  • python-django 3:5.2.9-0ubuntu4.1 (apt_upgrade)

    Standard apt upgrade. Install 3:5.2.9-0ubuntu4.1 from the apt repo.

    sudo apt-get update
    sudo apt-get install --only-upgrade -y python-django

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • python-django-doc 3:5.2.9-0ubuntu4.1 (apt_upgrade)

    Standard apt upgrade. Install 3:5.2.9-0ubuntu4.1 from the apt repo.

    sudo apt-get update
    sudo apt-get install --only-upgrade -y python-django-doc

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • python3-django 3:5.2.9-0ubuntu4.1 (apt_upgrade)

    Standard apt upgrade. Install 3:5.2.9-0ubuntu4.1 from the apt repo.

    sudo apt-get update
    sudo apt-get install --only-upgrade -y python3-django

    Most apt upgrades restart their service automatically. needrestart lists anything else.

Are YOU affected by USN-8232-1?

5-second check on your actual server. Reads /etc/os-release, uname -r, and dpkg-query; matches against the live USN + Debian Security Tracker feeds; tells you whether USN-8232-1 (and any other live CVE) applies. Anonymous, no signup.

curl https://mindsparkstack.com/scan.sh | bash