CVE-2026-3902
Publication date 7 April 2026
Last updated 7 April 2026
Ubuntu priority
Description
ASGI header spoofing via underscore/hyphen conflation
Read the notes from the security team
Why is this CVE low priority?
Django developers have rated this as being a low severity issue
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| python-django | 25.10 questing |
Needs evaluation
|
| 24.04 LTS noble |
Needs evaluation
|
|
| 22.04 LTS jammy |
Needs evaluation
|
|
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty |
Not affected
|