CVE-2026-8404 – Potential exposure of private data via case-sensitive Cache-Control directives in UpdateCacheMiddleware

CVE ID :CVE-2026-8404

Published : June 3, 2026, 2:16 p.m. | 16 minutes ago

Description :An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6.
`django.middleware.cache.UpdateCacheMiddleware` in Django does not match `Cache-Control` response directives case-insensitively, which allows remote attackers to read responses that were incorrectly cached because their `Cache-Control` directives used uppercase or mixed-case values.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Ahmed Badawe for reporting this issue.

Severity: 3.1 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-50033 – Acronis DeviceLock DLP DLL Hijacking Privilege Escalation

CVE-2026-44682 – Acronis DeviceLock DLP DLL Hijacking Local Privilege Escalation

CVE-2026-44609 – Acronis DeviceLock DLP Privilege Escalation via EXE Hijacking

CVE-2026-43924 – FOSSBilling has an open redirect via administrator-configured redirect targets