Race Condition Vulnerability in django-tastypie by Django
CVE-2026-16208

2.3LOW

Key Information:

Vendor

Django

Vendor
CVE Published:
19 July 2026

What is CVE-2026-16208?

A flaw within the django-tastypie framework, specifically in the CacheThrottle/CacheDBThrottle functions, has been identified, leading to a race condition issue. This vulnerability allows attackers to potentially execute remote attacks due to improper management of concurrent access to shared resources. The complexity of the attack is significant, making it challenging for exploitation. The responsible team was made aware of the problem early on through an issue report, but there's been no response to date, leaving the vulnerability unaddressed.

Affected Version(s)

django-tastypie 0.15.0

django-tastypie 0.15.1

References

CVSS V4

Score:
2.3
Severity:
LOW
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Galaxyn (VulDB User)
VulDB CNA Team
.