Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2026-1285

Good to know:

icon
icon

Date: February 3, 2026

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. "django.utils.text.Truncator.chars()" and "Truncator.words()" methods (with "html=True") and the "truncatechars_html" and "truncatewords_html" template filters allow a remote attacker to cause a potential denial-of-service via crafted inputs containing a large number of unmatched HTML end tags. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Seokchan Yoon for reporting this issue.

Severity Score

Related Resources (9)

https://groups.google.com/g/django-announce
https://docs.djangoproject.com/en/dev/releases/security/
https://docs.djangoproject.com/en/dev/releases/security
https://www.djangoproject.com/weblog/2026/feb/03/security-releases
https://github.com/django/django/commit/a33540b3e20b5d759aa8b2e4b9ca0e8edd285344
https://nvd.nist.gov/vuln/detail/CVE-2026-1285
https://www.djangoproject.com/weblog/2026/feb/03/security-releases/
https://github.com/django/django
https://www.mend.io/vulnerability-database/CVE-2026-1285

Severity Score

Weakness Type (CWE)

Inefficient Algorithmic Complexity

CWE-407

Top Fix

icon

Upgrade Version

Upgrade to version django - 6.0.2;django - 5.2.11;django - 4.2.28;django - 6.0.2;https://github.com/django/django.git - 6.0.2;https://github.com/django/django.git - 5.2.11;https://github.com/django/django.git - 4.2.28

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): HIGH

Do you need more information?

Contact Us