Django Software Foundation · Django · CVE-2026-8404
**Name of the Vulnerable Software and Affected Versions**
Django versions prior to 5.2.15
Django versions prior to 6.0.6
**Description**
An issue exists in `django.middleware.cache.UpdateCacheMiddleware` where `Cache-Control` response directives are not matched case-insensitively. This allows remote attackers to read responses that were incorrectly cached due to the use of uppercase or mixed-case values in the `Cache-Control` directives.
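The matching flaw described above can be modelled in a few lines. The following is an added example, not Django's middleware code or part of the original advisory: it compares case-sensitive and case-insensitive directive matching and lists the header values where the two disagree. The directive set (`private`, `no-store`), the function names and the sample header values are assumptions made for illustration.

```python
"""Simplified model of a cache-store decision; not Django's middleware code."""

# Assumption: directives that forbid a shared cache from storing a response.
# The advisory does not list which directives are affected.
NO_STORE_DIRECTIVES = {"private", "no-store"}


def parse_directives(header, normalize):
    """Split a Cache-Control value into directive names.

    With normalize=False, names keep the case the view sent, which models
    the case-sensitive matching described in the advisory.
    Quoted arguments that contain commas are not handled by this model.
    """
    names = set()
    for part in header.split(","):
        name = part.split("=", 1)[0].strip()
        if not name:
            continue
        names.add(name.lower() if normalize else name)
    return names


def may_store(header, normalize=True):
    """Return True if a shared cache is allowed to store the response."""
    return not (parse_directives(header, normalize) & NO_STORE_DIRECTIVES)


def audit(headers):
    """Return header values that case-sensitive matching would cache
    although case-insensitive matching refuses to cache them."""
    return [h for h in headers if may_store(h, normalize=False) and not may_store(h)]


# Constructed sample Cache-Control values, as views might emit them.
SAMPLE_HEADERS = [
    "private, max-age=0",
    "Private, max-age=0",
    "NO-STORE",
    "public, max-age=600",
    'no-cache="Set-Cookie", No-Store',
]

if __name__ == "__main__":
    for value in audit(SAMPLE_HEADERS):
        print("would be cached despite directive:", value)
```

Running `audit` over `Cache-Control` values collected from your own views shows which responses depend on the fixed matching behaviour.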
**Recommendations**
Update to version 5.2.15 or newer.
Update to version 6.0.6 or newer.