Memory Disclosure Vulnerability in Django Web Framework
CVE-2026-53877
6.3MEDIUM
What is CVE-2026-53877?
A vulnerability in Django's GDALRaster component allows for potential over-read of in-memory buffers, possibly disclosing adjacent memory contents. This issue stems from how GDALRaster, constructed from a bytes object, accesses its vsi_buffer property. The vulnerability may result in segmentation faults, leading to service degradation. Previous versions in unsupported series, such as 5.0.x and 4.1.x, are also suspected to be vulnerable but have not been formally evaluated.
Affected Version(s)
Django 6.0 < 6.0.7
Django 5.2 < 5.2.16
Django 6.0.7
