CVE-2025-26699

Publication date 6 March 2025

Last updated 12 March 2025

Ubuntu priority

An issue was discovered in Django 5.1 before 5.1.7, 5.0 before 5.0.13, and 4.2 before 4.2.20. The django.utils.text.wrap() method and wordwrap template filter are subject to a potential denial-of-service attack when used with very long strings.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
python-django	24.10 oracular	Fixed 3:4.2.15-1ubuntu1.3
	24.04 LTS noble	Fixed 3:4.2.11-1ubuntu1.6
	22.04 LTS jammy	Fixed 2:3.2.12-2ubuntu1.17
	20.04 LTS focal	Fixed 2:2.2.12-1ubuntu0.28
	18.04 LTS bionic	Fixed 1:1.11.11-1ubuntu1.21+esm10 Ubuntu Pro
	16.04 LTS xenial	Needs evaluation

Get expanded security coverage with Ubuntu Pro

Reduce your average CVE exposure time from 98 days to 1 day with expanded CVE patching, ten-years security maintenance and optional support for the full stack of open-source applications. Free for personal use.

Get Ubuntu Pro

References

Related Ubuntu Security Notices (USN)

USN-7335-1
Django vulnerability
6 March 2025

Other references

https://www.cve.org/CVERecord?id=CVE-2025-26699