A vulnerability was detected in django-tastypie up to 0.15.1. Impacted is the function ApiKeyAuthentication of the file tastypie/authentication.py. The manipulation results in use of get request method with sensitive query strings. The attack can be launched remotely. This attack is characterized by high complexity. The exploitability is considered difficult. The project was informed of the problem early through an issue report but has not responded yet.
History

Sun, 19 Jul 2026 03:45:00 +0000

Type Values Removed Values Added
Description A vulnerability was detected in django-tastypie up to 0.15.1. Impacted is the function ApiKeyAuthentication of the file tastypie/authentication.py. The manipulation results in use of get request method with sensitive query strings. The attack can be launched remotely. This attack is characterized by high complexity. The exploitability is considered difficult. The project was informed of the problem early through an issue report but has not responded yet.
Title django-tastypie authentication.py ApiKeyAuthentication get request method with sensitive query strings
First Time appeared Django-tastypie
Django-tastypie django-tastypie
Weaknesses CWE-598
CPEs cpe:2.3:a:django-tastypie:django-tastypie:*:*:*:*:*:*:*:*
Vendors & Products Django-tastypie
Django-tastypie django-tastypie
References
Metrics cvssV2_0

{'score': 2.6, 'vector': 'AV:N/AC:H/Au:N/C:P/I:N/A:N/E:ND/RL:ND/RC:UR'}

cvssV3_0

{'score': 3.7, 'vector': 'CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:R'}

cvssV3_1

{'score': 3.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:R'}

cvssV4_0

{'score': 6.3, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-07-19T02:30:08.210Z

Updated: 2026-07-19T02:30:08.210Z

Reserved: 2026-07-18T08:27:05.220Z

Link: CVE-2026-16207

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.