CVE-2026-24136: Django Missing File Upload Validation
greprules fetch cve-2026-24136-django-missing-file-upload-validation --engine opengrep
Description
An uploaded file is accessed without prior validation. Direct usage of `FILES` without an explicit validation function can lead to unrestricted file uploads, enabling Stored XSS or Remote Code Execution. Ensure the file's MIME type and extension are securely validated before processing its attributes or saving it locally.
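The pattern this rule looks for is a view that reads `request.FILES[...]` and uses the file's name or contents directly. The example below is added here and is not part of the greprules catalogue or of Django: it shows a validation function of the kind the rule expects to see between `FILES` and any save, checking the extension against an allowlist, sniffing the real content type from the leading bytes instead of trusting the client-supplied `Content-Type`, and generating a fresh filename for storage. The accepted types, the size limit and the `ConstructedUpload` stand-in (a minimal object with the `name`, `size`, `read` and `seek` attributes of Django's `UploadedFile`, so the code runs without Django installed) are assumptions made for the example.

```python
import io
import os
import tempfile
import uuid

# Assumption for this example: the application only needs to accept a few
# image types and PDF. Each allowed extension maps to the MIME type the
# file's bytes must actually match.
ALLOWED_TYPES = {
    ".png": "image/png",
    ".jpg": "image/jpeg",
    ".jpeg": "image/jpeg",
    ".pdf": "application/pdf",
}

# Magic-byte signatures used to determine the real content type. The
# client-supplied Content-Type header is attacker-controlled and is ignored.
MAGIC = [
    (b"\x89PNG\r\n\x1a\n", "image/png"),
    (b"\xff\xd8\xff", "image/jpeg"),
    (b"%PDF-", "application/pdf"),
]

MAX_UPLOAD_BYTES = 5 * 1024 * 1024  # assumed limit for the example


class ConstructedUpload:
    """Constructed stand-in for django.core.files.uploadedfile.UploadedFile,
    exposing only the attributes validate_upload() relies on."""

    def __init__(self, name, data, content_type="application/octet-stream"):
        self.name = name
        self.size = len(data)
        self.content_type = content_type  # client-controlled; deliberately unused
        self._buf = io.BytesIO(data)

    def read(self, n=-1):
        return self._buf.read(n)

    def seek(self, pos):
        return self._buf.seek(pos)


def sniff_mime(head):
    """Return the MIME type implied by the leading bytes, or None if unknown."""
    for signature, mime in MAGIC:
        if head.startswith(signature):
            return mime
    return None


def validate_upload(uploaded):
    """Return (safe_filename, mime) for an acceptable upload, else raise ValueError.

    This is the explicit validation step the rule wants to see before any
    attribute of a FILES entry is used or the file is written anywhere.
    """
    if uploaded.size > MAX_UPLOAD_BYTES:
        raise ValueError("file too large")
    # Judge only the final extension, lower-cased, after stripping any path
    # components the client may have sent in the name.
    ext = os.path.splitext(os.path.basename(uploaded.name))[1].lower()
    if ext not in ALLOWED_TYPES:
        raise ValueError(f"extension {ext!r} not allowed")
    uploaded.seek(0)
    head = uploaded.read(16)
    uploaded.seek(0)
    # The bytes must agree with the extension: an HTML or script payload
    # renamed to .png is rejected here even though the extension passed.
    if sniff_mime(head) != ALLOWED_TYPES[ext]:
        raise ValueError("content does not match extension")
    # Never store under the client-chosen name; use a random name with the
    # vetted extension so neither traversal nor double-extension tricks matter.
    return f"{uuid.uuid4().hex}{ext}", ALLOWED_TYPES[ext]


def save_upload(uploaded, upload_dir):
    """Validate first, then stream the file to disk; returns the stored path."""
    safe_name, _ = validate_upload(uploaded)
    dest = os.path.join(upload_dir, safe_name)
    with open(dest, "wb") as out:
        for chunk in iter(lambda: uploaded.read(64 * 1024), b""):
            out.write(chunk)
    return dest


if __name__ == "__main__":
    # Constructed sample inputs: one genuine PNG header, one script renamed to .png.
    good = ConstructedUpload("avatar.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 32, "image/png")
    spoofed = ConstructedUpload("../evil.png", b"<script>alert(1)</script>", "image/png")
    with tempfile.TemporaryDirectory() as d:
        print("stored:", save_upload(good, d))
        try:
            save_upload(spoofed, d)
        except ValueError as err:
            print("rejected:", err)
```

In a Django view the call site becomes `save_upload(request.FILES["document"], settings.MEDIA_ROOT)`: the `FILES` entry is never touched except through `validate_upload`, which is the shape the rule is designed to recognise. Serving the stored files with a fixed `Content-Type` and `X-Content-Type-Options: nosniff` remains a separate concern that this function does not address.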
Detection target
Not provided
Recommended fix
Not provided
False-positive notes
Not provided