OPENSUSE-SU-2026:20373-1 Security update for python-Django

This update for python-Django fixes the following issues: Changes in python-Django: - CVE-2026-25674: Fixed race condition which can lead to potential incorrect permissions on newly created file system objects bsc1259142...

CVE-2026-25674 vulnerabilities

Vulnerabilities for packages: authentik-fips, label-studio, awx...

CVE-2026-25674

A flaw was found in Django. A race condition in the file-system storage and file-based cache backends allows an attacker to create file system objects with incorrect permissions. This vulnerability arises from concurrent requests in multi-threaded environments, where a temporary umask change in o...

CVE-2026-25674

creationtimestamp| type| source ---|---|--- 2026-03-03 15:57:36+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mg653lnve62y 2026-03-03 17:52:57+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mg6djszlsg2s...

aldryn-django (>=4.2.10.0 <=4.2.18.0), alertwise (=1.0.0) +114 more potentially affected by CVE-2026-25674 via django (>=4.2.0 <=4.2.28)

django PYPI version =4.2.0, =4.2.10.0, =65.10.0, =7.5.1, =1.0.2, =0.0.1, =1.3.9, =0.4.0, =0.0.1, =4.16.2, =4.8.0, =0.0.4.dev0, =8.0.0, =8.5.1 and more Source cves: CVE-2026-25674 Source advisory: OSV:GHSA-MJGH-79QC-68W3...