<Vulnerability name="CVE-2026-53878">
    <DocumentDistribution xml:lang="en">Copyright © 2012 Red Hat, Inc. All rights reserved.</DocumentDistribution>
    <ThreatSeverity>Low</ThreatSeverity>
    <PublicDate>2026-07-07T14:00:00</PublicDate>
    <Bugzilla id="2497329" url="https://bugzilla.redhat.com/show_bug.cgi?id=2497329" xml:lang="en:us">
django: Django: HTTP header injection via DomainNameValidator accepting newlines
    </Bugzilla>
    <CVSS3 status="draft">
        <CVSS3BaseScore>3.7</CVSS3BaseScore>
        <CVSS3ScoringVector>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N</CVSS3ScoringVector>
    </CVSS3>
    <CWE>CWE-113</CWE>
    <Details xml:lang="en:us" source="Mitre">
An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16.
`DomainNameValidator` does not prohibit newlines in domain names (unless used via a form field, since `CharField` strips newlines). If an application uses values with newlines in an HTTP response, header injection can occur. Django itself is unaffected because `HttpResponse` prohibits newlines in HTTP headers.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Bence Nagy for reporting this issue.
    </Details>
    <Details xml:lang="en:us" source="Red Hat">
A flaw was found in Django. django.core.validators.DomainNameValidator accepted newline characters in domain name input. When applications use this validator outside Django form fields and include the validated value in HTTP response headers, a remote attacker could perform HTTP header injection. Django core is not affected because HttpResponse rejects newlines in headers, and CharField strips newlines by default.
    </Details>
    <Statement xml:lang="en:us">
This flaw has a Low impact on Red Hat products. A vulnerability in Django's `DomainNameValidator` allows newline characters, which could enable HTTP header injection if validated values are directly used in HTTP response headers outside of Django's standard form handling. However, Django's core HTTP response mechanisms and default form field behaviors prevent this issue in typical deployments by rejecting or stripping newline characters. Exploitation requires a specific, non-default application implementation.
    </Statement>
    <Mitigation xml:lang="en:us">
To mitigate this issue, ensure that custom Django applications do not directly place values validated by `DomainNameValidator` into HTTP response headers without further sanitization. Applications should rely on Django's default form handling and `HttpResponse` functionality, which automatically prevent newline injection. If direct header manipulation is unavoidable, implement explicit input sanitization to remove newline characters before constructing HTTP response headers.
    </Mitigation>
    <PackageState cpe="cpe:/a:redhat:ansible_automation_platform:2">
        <ProductName>Red Hat Ansible Automation Platform 2</ProductName>
        <FixState>Fix deferred</FixState>
        <PackageName>ansible-automation-platform-24/lightspeed-rhel8</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:ansible_automation_platform:2">
        <ProductName>Red Hat Ansible Automation Platform 2</ProductName>
        <FixState>Fix deferred</FixState>
        <PackageName>ansible-automation-platform-25/lightspeed-rhel8</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:ansible_automation_platform:2">
        <ProductName>Red Hat Ansible Automation Platform 2</ProductName>
        <FixState>Fix deferred</FixState>
        <PackageName>ansible-automation-platform-26/controller-rhel9</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:ansible_automation_platform:2">
        <ProductName>Red Hat Ansible Automation Platform 2</ProductName>
        <FixState>Fix deferred</FixState>
        <PackageName>ansible-automation-platform-26/eda-controller-rhel9</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:ansible_automation_platform:2">
        <ProductName>Red Hat Ansible Automation Platform 2</ProductName>
        <FixState>Fix deferred</FixState>
        <PackageName>ansible-automation-platform-26/gateway-rhel9</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:ansible_automation_platform:2">
        <ProductName>Red Hat Ansible Automation Platform 2</ProductName>
        <FixState>Fix deferred</FixState>
        <PackageName>ansible-automation-platform-26/hub-rhel9</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:ansible_automation_platform:2">
        <ProductName>Red Hat Ansible Automation Platform 2</ProductName>
        <FixState>Fix deferred</FixState>
        <PackageName>ansible-automation-platform-26/lightspeed-rhel9</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:ansible_automation_platform:2">
        <ProductName>Red Hat Ansible Automation Platform 2</ProductName>
        <FixState>Fix deferred</FixState>
        <PackageName>ansible-automation-platform-27/aap-cloud-billing-rhel9</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:ansible_automation_platform:2">
        <ProductName>Red Hat Ansible Automation Platform 2</ProductName>
        <FixState>Fix deferred</FixState>
        <PackageName>ansible-automation-platform-27/controller-rhel9</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:ansible_automation_platform:2">
        <ProductName>Red Hat Ansible Automation Platform 2</ProductName>
        <FixState>Fix deferred</FixState>
        <PackageName>ansible-automation-platform-27/eda-controller-rhel9</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:ansible_automation_platform:2">
        <ProductName>Red Hat Ansible Automation Platform 2</ProductName>
        <FixState>Fix deferred</FixState>
        <PackageName>ansible-automation-platform-27/gateway-rhel9</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:ansible_automation_platform:2">
        <ProductName>Red Hat Ansible Automation Platform 2</ProductName>
        <FixState>Fix deferred</FixState>
        <PackageName>ansible-automation-platform-27/hub-rhel9</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:ansible_automation_platform:2">
        <ProductName>Red Hat Ansible Automation Platform 2</ProductName>
        <FixState>Fix deferred</FixState>
        <PackageName>ansible-automation-platform-27/lightspeed-rhel9</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:ansible_automation_platform:2">
        <ProductName>Red Hat Ansible Automation Platform 2</ProductName>
        <FixState>Fix deferred</FixState>
        <PackageName>ansible-automation-platform-27/metrics-service-rhel9</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:ansible_automation_platform:2">
        <ProductName>Red Hat Ansible Automation Platform 2</ProductName>
        <FixState>Fix deferred</FixState>
        <PackageName>ansible-automation-platform/automation-dashboard-rhel9</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:ansible_automation_platform:2">
        <ProductName>Red Hat Ansible Automation Platform 2</ProductName>
        <FixState>Fix deferred</FixState>
        <PackageName>ansible-automation-platform-tech-preview/metrics-service-rhel9</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:ansible_automation_platform:2">
        <ProductName>Red Hat Ansible Automation Platform 2</ProductName>
        <FixState>Fix deferred</FixState>
        <PackageName>automation-controller</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:discovery:2::el9">
        <ProductName>Red Hat Discovery 2</ProductName>
        <FixState>Fix deferred</FixState>
        <PackageName>discovery/discovery-server-rhel9</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:satellite:6">
        <ProductName>Red Hat Satellite 6</ProductName>
        <FixState>Fix deferred</FixState>
        <PackageName>satellite/iop-advisor-backend-rhel9</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:ansible_portal:2">
        <ProductName>Self-service automation portal 2</ProductName>
        <FixState>Fix deferred</FixState>
        <PackageName>ansible-automation-platform/bootc-automation-portal-rhel9</PackageName>
    </PackageState>
    <References xml:lang="en:us">
https://www.cve.org/CVERecord?id=CVE-2026-53878
https://nvd.nist.gov/vuln/detail/CVE-2026-53878
    </References>
</Vulnerability>