Flask Web Application May Leak User Session Data
SUSE-SU-2026:0849-1
Summary
A security update is available for Flask, a popular Python web framework. This update fixes an issue that could allow attackers to access sensitive user session information. Update your Flask installation to the latest version to prevent this issue.
What to do
- Update python-flask to version 2.3.2-150400.3.9.1.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | python-flask | <= 2.3.2-150400.3.9.1 | 2.3.2-150400.3.9.1 |
Original title
Security update for python-Flask
Original description
This update for python-Flask fixes the following issue:
- CVE-2026-27205: information disclosure due to Flask session not adding the `Vary: Cookie` header (bsc#1258700).
- https://www.suse.com/support/update/announcement/2026/suse-su-20260849-1/ Vendor Advisory
- https://bugzilla.suse.com/1258700 Third Party Advisory
- https://www.suse.com/security/cve/CVE-2026-27205 URL
Published: 9 Mar 2026 · Updated: 13 Mar 2026 · First seen: 10 Mar 2026