Django Python Framework Creates Files with Incorrect Permissions
OESA-2026-1508
Summary
Django, a popular Python framework for building web applications, has a race condition in its file-system storage and file-based cache backends that can cause files to be created with incorrect permissions. It occurs when concurrent requests are handled in a multi-threaded environment, where one thread's temporary `umask` change affects other threads, potentially allowing an attacker to access sensitive data. To fix this issue, update Django to a patched version.
What to do
- Update python-django to version 4.2.15-13.oe2203sp4.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | python-django | <= 4.2.15-13.oe2203sp4 | 4.2.15-13.oe2203sp4 |
Original title
python-django security update
Original description
A high-level Python Web framework that encourages rapid development and clean, pragmatic design.
Security Fix(es):
An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. Race condition in file-system storage and file-based cache backends in Django allows an attacker to cause file system objects to be created with incorrect permissions via concurrent requests, where one thread's temporary `umask` change affects other threads in multi-threaded environments. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Tarek Nakkouch for reporting this issue. (CVE-2026-25674)
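The process-wide `umask` behaviour described above can be reproduced deterministically. The following is an added example, not Django's code or its fix: the function names, the `uploads` directory and `secret.txt` are hypothetical, and the `Event` handshake is a constructed pause that holds the race window open (POSIX only).

```python
import os, shutil, stat, tempfile, threading

def relax_umask_then_mkdir(base, in_window, done):
    """Thread A, unsafe: temporarily changes the umask, which is process-wide."""
    old = os.umask(0)
    try:
        os.makedirs(os.path.join(base, "uploads"), 0o755, exist_ok=True)
        in_window.set()   # constructed pause: hold the window open for thread B
        done.wait(5)
    finally:
        os.umask(old)

def mkdir_then_chmod(base, in_window, done):
    """Thread A, safer: leaves the umask alone and sets the mode explicitly."""
    path = os.path.join(base, "uploads")
    os.makedirs(path, exist_ok=True)
    os.chmod(path, 0o755)
    in_window.set()
    done.wait(5)

def mode_seen_by_other_thread(thread_a_func):
    """Create a file in thread B while thread A runs; return the file's mode."""
    base = tempfile.mkdtemp()
    in_window, done = threading.Event(), threading.Event()
    a = threading.Thread(target=thread_a_func, args=(base, in_window, done))
    a.start()
    in_window.wait(5)
    try:
        # Thread B (the main thread) relies on the umask to keep this file private.
        path = os.path.join(base, "secret.txt")
        os.close(os.open(path, os.O_CREAT | os.O_WRONLY, 0o666))
        return stat.S_IMODE(os.stat(path).st_mode)
    finally:
        done.set()
        a.join()
        shutil.rmtree(base)

def demo():
    saved = os.umask(0o077)   # process policy: new files are owner-only
    try:
        return (mode_seen_by_other_thread(relax_umask_then_mkdir),
                mode_seen_by_other_thread(mkdir_then_chmod))
    finally:
        os.umask(saved)

if __name__ == "__main__":
    unsafe, safe = demo()
    print(f"umask changed in another thread: {unsafe:o}; umask untouched: {safe:o}")
```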
- https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA... Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-25674 Vendor Advisory
Published: 6 Mar 2026 · Updated: 6 Mar 2026 · First seen: 6 Mar 2026