PT-2025-9994 · Django+6 · Django+6

Sw0Rd1Ight

Published

2025-03-06

Updated

2026-01-03

CVE-2025-26699

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Django versions 4.2 through 4.2.19 Django versions 5.0 through 5.0.12 Django versions 5.1 through 5.1.6

Description A potential denial-of-service attack can occur when the django.utils.text.wrap() method and wordwrap template filter are used with very long strings.

Recommendations For Django versions 4.2 through 4.2.19, update to version 4.2.20 or later. For Django versions 5.0 through 5.0.12, update to version 5.0.13 or later. For Django versions 5.1 through 5.1.6, update to version 5.1.7 or later.

Fix

DoS

RCE

Allocation of Resources Without Limits

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-770

Related Identifiers

ALT-PU-2025-10176

ALT-PU-2025-4236

BDU:2025-08558

BDU:2025-08584

BIT-DJANGO-2025-26699

CVE-2025-26699

DLA-4086-1

GHSA-P3FP-8748-VQFQ

MGASA-2025-0095

OESA-2025-1260

OPENSUSE-SU-2025:14908-1

OPENSUSE-SU-2025:14913-1

OPENSUSE-SU-2025_0959-1

OPENSUSE-SU-2026:10005-1

PYSEC-2025-13

RHSA-2025:3160

RHSA-2025:4553

RHSA-2025:8609

SUSE-SU-2025:0959-1

USN-7335-1

Affected Products

Alt Linux

Debian

Django

Linuxmint

Red Os

Suse

Ubuntu

PT-2025-9994 · Django+6 · Django+6

CVE-2025-26699

Weakness Enumeration

Related Identifiers

Affected Products

References · 117