Vulnerabilities

CVE-2026-25673 - Potential denial-of-service vulnerability in URLField via Unicode normalization ...

2026-03-03 0 views admin

CVE ID : CVE-2026-25673 Published : March 3, 2026, 3:16 p.m. | 57 minutes ago Description : An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. `URLField.to_python()` in Django calls `urllib.parse.urlsplit()`, which performs NFKC normalization on Windows that is disproportionately slow for certain Unicode characters, allowing a remote attacker to cause denial of service via large URL inputs containing these characters. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Seokchan Yoon for reporting this issue. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2026-25673

Published

March 3, 2026

Affected Product: Windows

Impact: denial of service

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2026-25673windows

CVE-2026-25673 - Potential denial-of-service vulnerability in URLField via Unicode normalization ...

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2025-62815 - Samsung Exynos NULL Pointer Dereference Denial of Service

CVE-2025-62814 - Samsung Exynos Denial of Service Vulnerability

CVE-2025-66680 - WiseCleaner Wise Force Deleter Arbitrary File Deletion Vulnerability

CVE-2025-66363 - Samsung Exynos 2200 LBS Memory Initialization Vulnerability

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting