PT-2026-45948 · Django Software Foundation · Django
Jake Howard +2
Published 2026-06-03 · Updated 2026-06-06
CVE-2026-7666
CVSS v3.1: 3.1 (Low)
Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Django versions prior to 6.0.6
Django versions prior to 5.2.15
Description
An issue exists in django.core.mail.backends.smtp.EmailBackend: when fail_silently is True and the STARTTLS handshake fails, the backend does not discard the partially-initialized connection, so a later send can reuse the still-unencrypted socket. An on-path network attacker can then intercept and read the email content in cleartext.
Recommendations
Update to version 6.0.6 or later.
Update to version 5.2.15 or later.
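The following is an added example, not Django's code, that models the failure mode in the description: a backend whose open() stores the SMTP connection before TLS is negotiated and, with fail_silently=True, leaves that connection in place when STARTTLS raises, so the next send_messages() call reuses the cleartext socket. FakeSMTP stands in for smtplib.SMTP and records whether TLS was active at each sendmail(); all class, method and address names are assumptions made for this illustration. The hardened variant shows the check a practitioner would want: close and drop the connection the moment STARTTLS fails.

```python
"""Model of a half-initialized SMTP connection surviving a failed STARTTLS.
Added example, not Django's code; names are assumed for illustration."""


class FakeSMTP:
    """Stand-in for smtplib.SMTP, constructed for this example.

    Records every sendmail() call together with whether TLS was active,
    which is exactly what an on-path attacker cares about."""

    def __init__(self, starttls_ok):
        self.starttls_ok = starttls_ok
        self.tls_active = False
        self.sent = []          # (message, tls_active) pairs
        self.closed = False

    def starttls(self):
        if not self.starttls_ok:
            raise RuntimeError("STARTTLS rejected")  # stands in for smtplib.SMTPException
        self.tls_active = True

    def sendmail(self, from_addr, to_addrs, msg):
        self.sent.append((msg, self.tls_active))

    def quit(self):
        self.closed = True


class VulnerableBackend:
    """open() assigns self.connection before TLS is negotiated and, with
    fail_silently=True, leaves it in place when STARTTLS raises."""

    def __init__(self, connection_factory, fail_silently=False):
        self.connection_factory = connection_factory
        self.fail_silently = fail_silently
        self.connection = None

    def open(self):
        if self.connection:
            return False        # reuse whatever is there, encrypted or not
        self.connection = self.connection_factory()
        try:
            self.connection.starttls()
            return True
        except RuntimeError:
            if not self.fail_silently:
                raise
            return None         # bug: self.connection still holds the cleartext socket

    def send_messages(self, messages):
        new_conn_created = self.open()
        if not self.connection or new_conn_created is None:
            return 0            # the first call is stopped here ...
        for msg in messages:    # ... but a second call reuses the cleartext socket
            self.connection.sendmail("app@example.com", ["ops@example.com"], msg)
        return len(messages)


class HardenedBackend(VulnerableBackend):
    """Discards the connection when STARTTLS fails, so nothing can reuse it."""

    def open(self):
        if self.connection:
            return False
        self.connection = self.connection_factory()
        try:
            self.connection.starttls()
            return True
        except RuntimeError:
            try:
                self.connection.quit()
            finally:
                self.connection = None   # no half-initialized socket survives
            if not self.fail_silently:
                raise
            return None


def run(backend_cls):
    """Send twice through a server that refuses STARTTLS. Returns
    (sent on 1st call, sent on 2nd call, messages that left in cleartext)."""
    server = FakeSMTP(starttls_ok=False)
    backend = backend_cls(lambda: server, fail_silently=True)
    first = backend.send_messages(["password reset link"])
    second = backend.send_messages(["password reset link"])
    leaked = [msg for msg, tls in server.sent if not tls]
    return first, second, leaked


if __name__ == "__main__":
    print("vulnerable:", run(VulnerableBackend))  # (0, 1, ['password reset link'])
    print("hardened:  ", run(HardenedBackend))    # (0, 0, [])
```

The first send_messages() call is refused by the `new_conn_created is None` guard in both variants; the difference appears on the second call, where the vulnerable backend sees a non-None connection, skips TLS negotiation entirely, and hands the message to the cleartext socket.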
Weakness Enumeration
Cleartext Transmission of Sensitive Information
Affected Products
Django