CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-1207

mediumcovered by 2 sourcesfirst seen 2026-07-09
Serial number: AV26-084 Date: February 4, 2026 Updated: July 9, 2026 On February 3, 2026, Django published a security advisory to address vulnerabilities in the following products: Django 4.2 – versions prior to 4.2.28 Django 5.2 – versions prior to 5.2.11 Django 6.0 – versions prior to 6.0.2 Update 1 Open-source reporting indicates that CVE-2026-1207 is being exploited. The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates, when available. Django Security Advisory

CSIRTS triage

vendor: Djangoproduct: DjangoOtheraffected: 4.2 prior to 4.2.28, 5.2 prior to 5.2.11, 6.0 prior to 6.0.2
What
A vulnerability has been identified in Django that may be exploited.
Who is affected
Users of Django versions prior to 4.2.28, 5.2.11, and 6.0.2 are affected.
Urgency
Remediation is urgent due to reported exploitation of CVE-2026-1207.
Action
Users should update to the latest versions of Django.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch CVE-2026-1207

Get an email if CVE-2026-1207 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (2)

External references

NVD record for CVE-2026-1207

CVE.org record

Embed the live status

CVE-2026-1207 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-1207 status](https://www.csirts.com/badge/CVE-2026-1207)](https://www.csirts.com/cve/CVE-2026-1207)