CVE-2026-48588
The CVE-2026-48588 issue affects Django 6.0 before 6.0.7 and 5.2 before 5.2.16. It arises in UpdateCacheMiddleware and the cache_page() decorator, which cache responses that vary on cookies even when the request contains unrelated cookies. This can allow remote attackers to read private data from...