Flask Website Sessions Exposed to Unwanted Data Sharing
Summary
A security update for Flask, a Python web framework, fixes an information disclosure vulnerability: the Flask session did not add the `Vary: Cookie` header to responses, so sensitive information about one user's session might be inadvertently shared with others. To fix this, update Flask to the latest version.
What to do
- Update python-flask to version 2.3.2-150400.3.9.1.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | python-flask | <= 2.3.2-150400.3.9.1 | 2.3.2-150400.3.9.1 |
Original title
Security update for python-Flask
Original description
This update for python-Flask fixes the following issue:
- CVE-2026-27205: information disclosure due to Flask session not adding the `Vary: Cookie` header (bsc#1258700).
- https://www.suse.com/support/update/announcement/2026/suse-su-20260849-1/ Vendor Advisory
- https://bugzilla.suse.com/1258700 Third Party Advisory
- https://www.suse.com/security/cve/CVE-2026-27205 URL
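As an added illustration (not code from the advisory, SUSE or Flask): a standard-library WSGI middleware that adds `Vary: Cookie` when a response involves cookies but does not declare it, so that shared caches key on the cookie. `VaryCookieMiddleware`, `needs_vary_cookie`, `demo_app` and the sample cookie value are hypothetical names constructed for this example, which assumes any request carrying a `Cookie` header or any response setting one is cookie-dependent.

```python
def _vary_tokens(headers):
    """Return the lower-cased field names listed across all Vary headers."""
    tokens = set()
    for name, value in headers:
        if name.lower() == "vary":
            tokens.update(t.strip().lower() for t in value.split(",") if t.strip())
    return tokens


def needs_vary_cookie(environ, headers):
    """True when the exchange involves cookies but Vary does not cover them."""
    uses_cookies = bool(environ.get("HTTP_COOKIE")) or any(
        name.lower() == "set-cookie" for name, _ in headers
    )
    return uses_cookies and not ({"cookie", "*"} & _vary_tokens(headers))


class VaryCookieMiddleware:
    """Wrap a WSGI app (for Flask: app.wsgi_app) and add the missing header."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        def patched_start(status, headers, exc_info=None):
            headers = list(headers)
            if needs_vary_cookie(environ, headers):
                headers.append(("Vary", "Cookie"))
            return start_response(status, headers, exc_info)
        return self.app(environ, patched_start)


def demo_app(environ, start_response):
    # Constructed sample app: output depends on the cookie, Vary is omitted.
    body = ("hello " + environ.get("HTTP_COOKIE", "anonymous")).encode()
    start_response("200 OK", [("Content-Type", "text/plain"),
                              ("Cache-Control", "public, max-age=60")])
    return [body]


def response_headers(app, environ):
    """Call a WSGI app once and return the response headers it sent."""
    captured = {}
    def start_response(status, headers, exc_info=None):
        captured["headers"] = headers
    list(app(environ, start_response))
    return captured["headers"]
```

This is a defense-in-depth measure alongside the package update, not a replacement for it.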
Published: 9 Mar 2026 · Updated: 13 Mar 2026 · First seen: 10 Mar 2026