Memory Disclosure Vulnerability in Django Web Framework
CVE-2026-53877

6.3MEDIUM

Key Information:

Status
Vendor
CVE Published:
7 July 2026

What is CVE-2026-53877?

A vulnerability in Django's GDALRaster component allows for potential over-read of in-memory buffers, possibly disclosing adjacent memory contents. This issue stems from how GDALRaster, constructed from a bytes object, accesses its vsi_buffer property. The vulnerability may result in segmentation faults, leading to service degradation. Previous versions in unsupported series, such as 5.0.x and 4.1.x, are also suspected to be vulnerable but have not been formally evaluated.

Affected Version(s)

Django 6.0 < 6.0.7

Django 5.2 < 5.2.16

Django 6.0.7

References

CVSS V4

Score:
6.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Bence Nagy
Jacob Walls
Jacob Walls
.