PT-2026-53420 · Pypi · Django-S3File

Published 2026-06-29 · Updated 2026-06-29

CVSS v4.0: 9.9 Critical

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

Impact

S3FileMiddleware is vulnerable to relative path traversal: an attacker can use a modified request to escape pre-signed upload locations and have the Django application load files from random locations into request.FILES.
Depending on how files are handled, this may lead to confidentiality and integrity issues.
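The containment check that this class of bug calls for, as an added example (not Django-S3File's code or its actual fix). It assumes the application receives an object key from the request and that uploads were pre-signed for a single prefix; `UPLOAD_PREFIX`, the function names and the sample keys are hypothetical and constructed for illustration.

```python
import posixpath

# Hypothetical prefix that the pre-signed upload was issued for (assumption).
UPLOAD_PREFIX = "tmp/s3file/session-abc123/"


def naive_is_allowed(key: str, prefix: str = UPLOAD_PREFIX) -> bool:
    """Weak check: plain string prefix match, dot segments are not considered."""
    return key.startswith(prefix)


def resolves_to(key: str) -> str:
    """What the key becomes once a path-aware storage layer collapses '..'."""
    return posixpath.normpath(key)


def is_within_upload_prefix(key: str, prefix: str = UPLOAD_PREFIX) -> bool:
    """Accept a client-supplied key only if it cannot leave the signed prefix.

    Check the key in the exact form that is later used for the storage lookup
    (after any URL decoding), otherwise the check and the use can disagree.
    """
    if not key or "\x00" in key or "\\" in key or key.startswith("/"):
        return False
    # Reject empty, '.' and '..' segments instead of silently rewriting them.
    if any(segment in ("", ".", "..") for segment in key.split("/")):
        return False
    return key.startswith(prefix)


# Constructed sample keys: one legitimate upload and several escapes.
SAMPLE_KEYS = [
    "tmp/s3file/session-abc123/report.pdf",
    "tmp/s3file/session-abc123/../../private/db-backup.sql",
    "tmp/s3file/session-abc123/./../other-session/x.png",
    "private/db-backup.sql",
]


def audit(keys=SAMPLE_KEYS):
    """Return (key, naive verdict, strict verdict, resolved path) per key."""
    return [(k, naive_is_allowed(k), is_within_upload_prefix(k), resolves_to(k))
            for k in keys]


if __name__ == "__main__":
    for key, naive, strict, resolved in audit():
        print(f"naive={naive!s:5} strict={strict!s:5} {key} -> {resolved}")
```
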

Patches

Django-S3File urges all users to update to a patched version >=7.0.2.

Fix

Related Identifiers

PYSEC-2026-328

Affected Products

Django-S3File