CVE-2026-1207

Confirmed PUBLISHED

Potential SQL injection via raster lookups on PostGIS

djangoproject · Django

Not yet in CISA KEV

Exploited in the wild Active exploitation observed PoC available

Recommended Action

Prioritize immediate patching and validate internet-facing exposure. Monitor for matching exploitation attempts in your environment.

Confidence
Confirmed
Exploitation Status
Active exploitation observed
Observed in Sensors
Yes
Attempts (30d)
22
Unique Attacker IPs
5
CISA KEV
Not yet in CISA KEV
CVSS / EPSS
5.4 Medium EPSS 9.4%

At a Glance

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. Raster lookups on ``RasterField`` (only implemented on PostGIS) allows remote attackers to inject SQL via the band index parameter. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Tarek Nakkouch for reporting this issue.

CVE Published
Feb 03, 2026
Exploited Since
Jun 12, 2026
CVSS
5.4 Medium
EPSS
9.4%
Remote Low complexity No user interaction

Affected Versions

Vendor Product Version Status
Red Hat
Red Hat Ansible Automation Platform 2.5 for RHEL 8

All versions (default: affected)

Affected
Red Hat
Red Hat Satellite 6.16 for RHEL 8

All versions (default: affected)

Affected
Red Hat
Red Hat Ansible Automation Platform 2.5 for RHEL 9

All versions (default: affected)

Affected
Red Hat
Red Hat Ansible Automation Platform 2.6 for RHEL 9

All versions (default: affected)

Affected
Red Hat
Red Hat Satellite 6.16 for RHEL 9

All versions (default: affected)

Affected
Red Hat
Red Hat Satellite 6.17 for RHEL 9

All versions (default: affected)

Affected
Red Hat
Red Hat Satellite 6.18 for RHEL 9

All versions (default: affected)

Affected
Red Hat
Red Hat Ansible Automation Platform 2.5

All versions (default: affected)

Affected
Red Hat
Red Hat Ansible Automation Platform 2.6

All versions (default: affected)

Affected
Red Hat
Red Hat Discovery 2

All versions (default: affected)

Affected
Red Hat
Red Hat Satellite 6.18

All versions (default: affected)

Affected
Red Hat
Red Hat Ansible Automation Platform 2

All versions (default: affected)

Affected
Red Hat
Red Hat Satellite 6

All versions (default: affected)

Affected
Red Hat
Red Hat Update Infrastructure 4 for Cloud Providers

All versions (default: affected)

Affected
Red Hat
Red Hat Ansible Automation Platform 2.6 for RHEL 10

All versions (default: unaffected)

Unaffected
Red Hat
Red Hat OpenStack Platform 16.2

All versions (default: unaffected)

Unaffected
Red Hat
Red Hat OpenStack Platform 17.1

All versions (default: unaffected)

Unaffected
Red Hat
Red Hat OpenStack Platform 18.0

All versions (default: unaffected)

Unaffected
djangoproject
Django

django

6.0 to < 6.0.2

Affected
djangoproject
Django

django

6.0.2

Unaffected
djangoproject
Django

django

5.2 to < 5.2.11

Affected
djangoproject
Django

django

5.2.11

Unaffected
djangoproject
Django

django

4.2 to < 4.2.28

Affected
djangoproject
Django

django

4.2.28

Unaffected

CVE References

Recommended Actions

  • Prioritize immediate patching and validate internet-facing exposure. Monitor for matching exploitation attempts in your environment.
  • Review sensor telemetry for request paths, attacker IPs, and payload patterns that may inform detection and exposure validation.
  • Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.