Django 6.x — End of Life
Active Medium risk EOL: Apr 30, 2027in 324d1 release in this series8 CVEs
Django 6.x — All releases
| Version | Released | Active support | EOL date | Latest patch | Status |
|---|---|---|---|---|---|
| 6.0 | Dec 3, 2025 | Aug 31, 2026 | Apr 30, 2027 | 6.0.6 | Active |
CVEs affecting Django 6.x (8)
| CVE | Severity | CVSS | EPSS | KEV | Cycle | Description | Published |
|---|---|---|---|---|---|---|---|
| CVE-2026-35192 | MEDIUM | 6.5 | 0.04% | — | 6.0 | An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. Response headers do not vary on cookies if a session … | May 5, 2026 |
| CVE-2026-5766 | MEDIUM | 5.3 | 0.06% | — | 6.0 | An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. ASGI requests with a missing or understated `Content-… | May 5, 2026 |
| CVE-2026-6907 | MEDIUM | 4.3 | 0.04% | — | 6.0 | An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. `django.middleware.cache.UpdateCacheMiddleware` erron… | May 5, 2026 |
| CVE-2026-35193 | LOW | 3.1 | 0.04% | — | 6.0 | An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. `django.middleware.cache.UpdateCacheMiddleware… | Jun 3, 2026 |
| CVE-2026-48587 | LOW | 3.1 | 0.04% | — | 6.0 | An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. `django.utils.cache.has_vary_header()` in Djan… | Jun 3, 2026 |
| CVE-2026-6873 | LOW | 3.1 | 0.01% | — | 6.0 | An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. `django.http.HttpRequest.get_signed_cookie` in… | Jun 3, 2026 |
| CVE-2026-7666 | LOW | 3.1 | 0.01% | — | 6.0 | An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. `django.core.mail.backends.smtp.EmailBackend` … | Jun 3, 2026 |
| CVE-2026-8404 | LOW | 3.1 | 0.04% | — | 6.0 | An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. `django.middleware.cache.UpdateCacheMiddleware… | Jun 3, 2026 |
Frequently asked questions
Is Django 6 end of life?
No. Django 6.x is still supported until April 30, 2027. It continues to receive security patches and bug fixes.
What CVEs affect Django 6?
There are 8 CVEs tracked for Django 6.x. See the full list above with CVSS and EPSS scores.
What is the latest Django 6 version?
The latest Django 6.x patch release is 6.0.6, released on June 3, 2026. Always run the latest patch to benefit from all security fixes.
When was Django 6 first released?
Django 6.0 was initially released on December 3, 2025. See the full version timeline in the table above.
Is it safe to run Django 6 in production?
Django 6 is still supported and safe for production use until April 30, 2027. Ensure you are running the latest patch version (6.0.6) to have all security fixes applied.
Data sourced from endoflife.date · CVE data from NVD · EPSS from FIRST.org · KEV from CISA