Django Tastypie ApiKey Authentication Vulnerability in Up to Version 0.15.1
CVE-2026-16207

6.3MEDIUM

Key Information:

Vendor
CVE Published:
19 July 2026

What is CVE-2026-16207?

A vulnerability has been identified in Django Tastypie versions up to 0.15.1, specifically within the ApiKeyAuthentication function in the file tastypie/authentication.py. This flaw enables the exploitation of the GET request method that processes sensitive query strings, potentially exposing confidential information. The vulnerability can be exploited remotely, and while it involves high complexity, appropriate countermeasures and scrutiny are essential since the project maintainers have yet to formally respond to the reported issue.

Affected Version(s)

django-tastypie 0.15.0

django-tastypie 0.15.1

References

CVSS V4

Score:
6.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Galaxyn (VulDB User)
VulDB CNA Team
.