CVE-2026-42196
django-s3file: Relative path traversal
CVSS Score
0.0
EPSS Score
0.1%
EPSS Percentile
23th
django-s3file is a lightweight file upload input for Django and Amazon S3. Prior to 7.0.2, S3FileMiddleware is vulnerable to relative path traversal attacks, where an attacker can use a modified request to escape pre-signed upload locations and have the Django application load files from random locations into request.FILES. Depending on how files are handled, this may lead to confidentiality and integrity issues. This vulnerability is fixed in 7.0.2.
| CWE | CWE-22 CWE-26 |
| Vendor | codingjoe |
| Product | django-s3file |
| Published | May 12, 2026 |
| Last Updated | May 13, 2026 |
Stay Ahead of the Next One
Get instant alerts for codingjoe django-s3file
Be the first to know when new unknown vulnerabilities affecting codingjoe django-s3file are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
codingjoe / django-s3file
< 7.0.2