ByteOS Network

NVD Vulnerability Details :

CVE-2026-25674

Awaiting Analysis

Source-6a34fbeb-21d4-45e7-8e0a-62b95bc12c92

Published At-03 Mar, 2026 | 15:16

Updated At-03 Mar, 2026 | 21:52

An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. Race condition in file-system storage and file-based cache backends in Django allows an attacker to cause file system objects to be created with incorrect permissions via concurrent requests, where one thread's temporary `umask` change affects other threads in multi-threaded environments. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Tarek Nakkouch for reporting this issue.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	3.7	LOW	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Type: Secondary

Version: 3.1

Base score: 3.7

Base severity: LOW

Vector:

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Weaknesses

CWE ID	Type	Source
CWE-362	Secondary	6a34fbeb-21d4-45e7-8e0a-62b95bc12c92

CWE ID: CWE-362

Type: Secondary

Source: 6a34fbeb-21d4-45e7-8e0a-62b95bc12c92

References

Hyperlink	Source	Resource
https://docs.djangoproject.com/en/dev/releases/security/	6a34fbeb-21d4-45e7-8e0a-62b95bc12c92	N/A
https://groups.google.com/g/django-announce	6a34fbeb-21d4-45e7-8e0a-62b95bc12c92	N/A
https://www.djangoproject.com/weblog/2026/mar/03/security-releases/	6a34fbeb-21d4-45e7-8e0a-62b95bc12c92	N/A