CVE-2026-1207

Confirmed PUBLISHED

Potential SQL injection via raster lookups on PostGIS

djangoproject · Django

Not yet in CISA KEV

Exploited in the wild Active exploitation observed PoC available Virtual patch available

Recommended Action

Prioritize immediate patching and validate internet-facing exposure. Monitor for matching exploitation attempts in your environment.

Confidence
Confirmed
Exploitation Status
Active exploitation observed
Observed in Sensors
Yes
Attempts (30d)
20
Unique Attacker IPs
6
CISA KEV
Not yet in CISA KEV
Virtual Patch
Yes 3 targets
CVSS / EPSS
5.4 Medium EPSS 9.4%

At a Glance

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. Raster lookups on ``RasterField`` (only implemented on PostGIS) allows remote attackers to inject SQL via the band index parameter. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Tarek Nakkouch for reporting this issue.

nuclei_scanner
CVE Published
Feb 03, 2026
Exploited Since
Jun 12, 2026
CVSS
5.4 Medium
EPSS
9.4%
Remote Low complexity No user interaction

Affected Versions

40 version rows · page 1 of 2

Vendor Product Version Status
Red Hat
Red Hat Ansible Automation Platform 2.5 for RHEL 8

python3.12-django

0:4.2.28-1.el8ap to < *

Unaffected
Red Hat
Red Hat Ansible Automation Platform 2.5 for RHEL 9

python3.12-django

0:4.2.28-1.el9ap to < *

Unaffected
Red Hat
Red Hat Ansible Automation Platform 2.6 for RHEL 9

python3.12-django

0:4.2.28-1.el9ap to < *

Unaffected
Red Hat
Red Hat Satellite 6.16 for RHEL 8

python-django

0:4.2.28-0.1.el8pc to < *

Unaffected
Red Hat
Red Hat Satellite 6.16 for RHEL 9

python-django

0:4.2.28-0.1.el9pc to < *

Unaffected
Red Hat
Red Hat Satellite 6.17 for RHEL 9

foreman

0:3.14.0.14-1.el9sat to < *

Unaffected
Red Hat
Red Hat Satellite 6.17 for RHEL 9

libcomps

0:0.1.23-0.3.el9pc to < *

Unaffected
Red Hat
Red Hat Satellite 6.17 for RHEL 9

python-brotli

0:1.2.0-0.1.el9pc to < *

Unaffected
Red Hat
Red Hat Satellite 6.17 for RHEL 9

python-django

0:4.2.28-0.1.el9pc to < *

Unaffected
Red Hat
Red Hat Satellite 6.17 for RHEL 9

python-pulp-container

0:2.22.3-1.el9pc to < *

Unaffected
Red Hat
Red Hat Satellite 6.17 for RHEL 9

python-pulp-rpm

0:3.27.10-2.el9pc to < *

Unaffected
Red Hat
Red Hat Satellite 6.17 for RHEL 9

rubygem-fog-kubevirt

0:1.5.1-1.el9sat to < *

Unaffected
Red Hat
Red Hat Satellite 6.17 for RHEL 9

rubygem-foreman_kubevirt

0:0.4.3-1.el9sat to < *

Unaffected
Red Hat
Red Hat Satellite 6.17 for RHEL 9

rubygem-katello

0:4.16.0.14-1.el9sat to < *

Unaffected
Red Hat
Red Hat Satellite 6.17 for RHEL 9

rubygem-rubyipmi

0:0.13.0-1.el9sat to < *

Unaffected
Red Hat
Red Hat Satellite 6.17 for RHEL 9

satellite

0:6.17.7-1.el9sat to < *

Unaffected
Red Hat
Red Hat Satellite 6.17 for RHEL 9

yggdrasil-worker-forwarder

0:0.0.3-4.el9sat to < *

Unaffected
Red Hat
Red Hat Satellite 6.18 for RHEL 9

python3.12-django

0:4.2.30-1.el9pc to < *

Unaffected
Red Hat
Red Hat Ansible Automation Platform 2.5

ansible-automation-platform-25/lightspeed-rhel8

1772214630 to < *

Unaffected
Red Hat
Red Hat Ansible Automation Platform 2.6

ansible-automation-platform-26/lightspeed-rhel9

1772552788 to < *

Unaffected
Red Hat
Red Hat Discovery 2

discovery/discovery-server-rhel9

1770913597 to < *

Unaffected
Red Hat
Red Hat Satellite 6.18

satellite/iop-advisor-backend-rhel9

1773451075 to < *

Unaffected
Red Hat
Red Hat Ansible Automation Platform 2

ansible-automation-platform-24/de-minimal-rhel8

All versions (default: unaffected)

Unaffected
Red Hat
Red Hat Ansible Automation Platform 2

ansible-automation-platform-24/de-minimal-rhel9

All versions (default: unaffected)

Unaffected
Red Hat
Red Hat Ansible Automation Platform 2

ansible-automation-platform-25/de-minimal-rhel8

All versions (default: unaffected)

Unaffected

CVE References

Recommended Actions

  • Prioritize immediate patching and validate internet-facing exposure. Monitor for matching exploitation attempts in your environment.
  • Review sensor telemetry for request paths, attacker IPs, and payload patterns that may inform detection and exposure validation.
  • Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.