Report Incident
× Home DPO CyberHub Rw-CSIRT Website About Rw-CSIRT Alerts Advisories About NCSA Documentation News & Events Topics Contact us Opportunities Privacy Policy

Security Alert: Active Exploitation of Django SQL Injection Vulnerability (CVE-2026-1207)

A high-severity vulnerability tracked as CVE-2026-1207 has been identified in the Django web framework and is currently being actively exploited by attackers. The vulnerability could allow unauthorized database access in affected systems.
 
Affected Systems:
  • Django 6.0: Versions 6.0.0 to 6.0.1
  • Django 5.2: Versions 5.2.0 to 5.2.10
  • Django 4.2: Versions 4.2.0 to 4.2.27
 
Security Risks
 
Successful exploitation could allow attackers to access or modify sensitive data, compromise database integrity, disrupt business operations, and impact the confidentiality, integrity, and availability of affected systems.
 
For additional information on Django security updates and available patches, please refer to the official Django Security Releases.

 
Recommended Actions
 
The National Cyber Security Authority (NCSA) recommends users and system administrators to:
 
1. Update affected Django installations as soon as possible to the latest supported security releases to address the vulnerability.
 
Upgrade to the following supported versions:
 
  • Django 6.0: Upgrade to version 6.0.2 or above
  • Django 5.2: Upgrade to version 5.2.11 or above
  • Django 4.2: Upgrade to version 4.2.28 or above
 
2. Before applying updates, ensure that a current and verified backup is available and can be restored if needed.
 
For further information and support, please contact the National Cyber Security Authority (NCSA) by email to rwcsirt@ncsa.gov.rw or call us on 9009.
 
References

14 July 2026

© 2026 National Cyber Security Authority