PT-2026-22742 · Django+1 · Django+1

Natalia Bidart +1 · Published 2026-03-03 · Updated 2026-05-13 · CVE-2026-25674

CVSS v3.1: 3.7 Low
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Django versions 4.2 before 4.2.29
Django versions 5.2 before 5.2.12
Django versions 6.0 before 6.0.3
Django versions 3.2.x and earlier
Django versions 4.1.x and earlier
Django versions 5.0.x and earlier

Description

A race condition exists in Django's file-system storage and file-based cache backends. This condition can lead to the creation of file system objects with incorrect permissions when concurrent requests are processed in multi-threaded environments. Specifically, a temporary umask change made by one thread can affect other threads, resulting in unintended file permissions. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) may also be affected.

Recommendations

Update Django to version 4.2.29 or later.
Update Django to version 5.2.12 or later.
Update Django to version 6.0.3 or later.
Update Django to a version later than 3.2.x.
Update Django to a version later than 4.1.x.
Update Django to a version later than 5.0.x.
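
The race in the Description comes from the umask being a per-process setting, not a per-thread one. The following is an added example, not Django's code and not taken from the advisory: a simplified model in which a writer thread temporarily zeroes the umask while a second thread creates a file, next to a writer that sets the mode explicitly instead. All names, the 0o027 umask, the file modes and the event-based pause that holds the window open are assumptions made for the demonstration.

```python
import os
import stat
import tempfile
import threading

PROCESS_UMASK = 0o027  # constructed deployment umask (assumption)


def writer_umask_swap(path, mode, created, release):
    """At-risk pattern: zero the process-wide umask around the create call."""
    old = os.umask(0)  # visible to every thread in the process
    try:
        os.close(os.open(path, os.O_CREAT | os.O_WRONLY, mode))
        created.set()  # constructed pause that holds the race window open
        release.wait(5)
    finally:
        os.umask(old)


def writer_explicit_chmod(path, mode, created, release):
    """Safer pattern: never touch the umask, set the mode on the descriptor."""
    fd = os.open(path, os.O_CREAT | os.O_WRONLY, mode)
    try:
        os.fchmod(fd, mode)  # chmod is not filtered by the umask
        created.set()
        release.wait(5)
    finally:
        os.close(fd)


def run(writer):
    """Return (writer_file_mode, bystander_file_mode) for one writer pattern."""
    previous = os.umask(PROCESS_UMASK)
    try:
        with tempfile.TemporaryDirectory() as workdir:
            created, release = threading.Event(), threading.Event()
            target = os.path.join(workdir, "upload.bin")
            other = os.path.join(workdir, "bystander.tmp")
            t = threading.Thread(target=writer, args=(target, 0o664, created, release))
            t.start()
            created.wait(5)
            # Bystander (main thread) creates mid-window, expecting 0o666 & ~0o027 == 0o640.
            os.close(os.open(other, os.O_CREAT | os.O_WRONLY, 0o666))
            release.set()
            t.join()
            return tuple(stat.S_IMODE(os.stat(p).st_mode) for p in (target, other))
    finally:
        os.umask(previous)
```

With `writer_umask_swap` the bystander file comes out world-readable and world-writable (0o666); with `writer_explicit_chmod` the writer still gets its requested 0o664 and the bystander keeps the expected 0o640.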

Fix

Race Condition

Weakness Enumeration

Related Identifiers

BIT-DJANGO-2026-25674
CVE-2026-25674
GHSA-MJGH-79QC-68W3
MGASA-2026-0050
OESA-2026-1506
OESA-2026-1508
OESA-2026-1509
OESA-2026-1510
OESA-2026-1511
OESA-2026-2216
OPENSUSE-SU-2026:10282-1
OPENSUSE-SU-2026:10283-1
OPENSUSE-SU-2026:10292-1
OPENSUSE-SU-2026:20373-1
SUSE-SU-2026:0821-1

Affected Products

Django
Red Os