By weakness (CWE)

CWE-524: related vulnerabilities

CVEs classified under CWE-524. Understanding the weakness class helps prioritize systemic fixes over one-off patches.

1 published vulnerability

  • CVE-2026-35193LOW 3.1

    Django's cache middleware has a flaw that can leak private user data. When Django caches web responses, it's supposed to mark cached data as private (via the `Vary` header) if a request included authentication credentials. In Django 5.2 before version 5.2.15 and 6.0 before version 6.0.6, this protection doesn't work correctly. An attacker can make an unauthenticated request to the same URL a logged-in user visited, and Django may serve the cached private response—revealing sensitive information that should have been protected. Older Django versions (5.0.x, 4.1.x, 3.2.x) haven't been formally evaluated but may have the same problem.