CVE-2025-26699: Django vulnerable to Allocation of Resources Without Limits or Throttling

March 6, 2025

An issue was discovered in Django 5.1 before 5.1.7, 5.0 before 5.0.13, and 4.2 before 4.2.20. The django.utils.text.wrap() method and wordwrap template filter are subject to a potential denial-of-service attack when used with very long strings.

References

docs.djangoproject.com/en/dev/releases/security
github.com/advisories/GHSA-p3fp-8748-vqfq
github.com/django/django
groups.google.com/g/django-announce
nvd.nist.gov/vuln/detail/CVE-2025-26699
www.djangoproject.com/weblog/2025/mar/06/security-releases

Detect and mitigate CVE-2025-26699 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →