Django Tastypie ApiKey Authentication Vulnerability in Up to Version 0.15.1
CVE-2026-16207
6.3MEDIUM
What is CVE-2026-16207?
A vulnerability has been identified in Django Tastypie versions up to 0.15.1, specifically within the ApiKeyAuthentication function in the file tastypie/authentication.py. This flaw enables the exploitation of the GET request method that processes sensitive query strings, potentially exposing confidential information. The vulnerability can be exploited remotely, and while it involves high complexity, appropriate countermeasures and scrutiny are essential since the project maintainers have yet to formally respond to the reported issue.
Affected Version(s)
django-tastypie 0.15.0
django-tastypie 0.15.1
