securityonline.info 7/10/2026, 3:41:03 AM · external

Django SQLi bug CVE-2026-1207 exploited, patch urged

Django SQLi bug CVE-2026-1207 exploited, patch urged
CyberSIXT Evidence Panel
Primary Source djangoproject.com
CVE Intel
CISA KEV Not in KEV
Patch Patch Available

CVE- 2026-1207 is a high-severity SQL injection vulnerability in Django, with a CVSS score of 8.3. It affects versions >= 6.0a1, < 6.0.2, >= 5.2a1, < 5.2.11, and >= 4.2a1, < 4.2.28, specifically during RasterField lookups in PostGIS databases. The flaw has been confirmed to be exploited in the wild, enabling low-privilege attackers to potentially read, change, or delete database records. The vulnerability was patched in versions 6.0.2, 5.2.11, and 4.2.28, released on February 3, 2026. Affected users are urged to update immediately, while those unable to patch should audit their queries and tighten database permissions.

View Primary Source Via securityonline.info

Article by CyberSIXT