CVE-2026-42185: Django Drf Uninitialized Auth Model Password
greprules fetch cve-2026-42185-django-drf-uninitialized-auth-model-password --engine opengrep

Description
A Django REST Framework `ModelSerializer` for an identity-related model overrides `create()` but does not explicitly set an unusable password. For models inheriting from `AbstractBaseUser`, the password field defaults to an insecure empty string, which may lead to authentication bypass if authentication backends fail to reject it. Explicitly set the password
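The following is an added illustration, not code from the page or from the greprules rule itself: a small AST-based checker, written here to show the shape of what the rule looks for, run over two constructed serializer snippets. The `ServiceAccount` model and the `ServiceAccountSerializer` class are hypothetical. The checker flags every `ModelSerializer` subclass whose `create()` override never calls `set_unusable_password()` or `set_password()`; unlike the real rule, it cannot see whether the model inherits from `AbstractBaseUser`, so that judgement is left to the reviewer.

```python
import ast

# Constructed sample: create() is overridden but the password is never set,
# so an AbstractBaseUser subclass would keep the empty-string default.
VULNERABLE_SRC = '''
from rest_framework import serializers
from .models import ServiceAccount  # hypothetical AbstractBaseUser subclass

class ServiceAccountSerializer(serializers.ModelSerializer):
    class Meta:
        model = ServiceAccount
        fields = ["email", "display_name"]

    def create(self, validated_data):
        # password is never set: it stays the empty-string default
        return ServiceAccount.objects.create(**validated_data)
'''

# Constructed sample: the hardened form marks the password unusable before saving,
# so check_password() can never succeed against the stored value.
HARDENED_SRC = '''
from rest_framework import serializers
from .models import ServiceAccount  # hypothetical AbstractBaseUser subclass

class ServiceAccountSerializer(serializers.ModelSerializer):
    class Meta:
        model = ServiceAccount
        fields = ["email", "display_name"]

    def create(self, validated_data):
        account = ServiceAccount(**validated_data)
        account.set_unusable_password()  # no credential can ever match
        account.save()
        return account
'''

# Either of these calls inside create() is treated as initialising the password.
PASSWORD_SETTERS = {"set_unusable_password", "set_password"}


def _is_model_serializer(cls: ast.ClassDef) -> bool:
    """True if a base is spelled ModelSerializer or serializers.ModelSerializer."""
    for base in cls.bases:
        if isinstance(base, ast.Name) and base.id == "ModelSerializer":
            return True
        if isinstance(base, ast.Attribute) and base.attr == "ModelSerializer":
            return True
    return False


def _sets_password(func: ast.FunctionDef) -> bool:
    """True if the function body contains a call to one of PASSWORD_SETTERS."""
    for node in ast.walk(func):
        if isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute):
            if node.func.attr in PASSWORD_SETTERS:
                return True
    return False


def find_uninitialized_password_creates(source: str) -> list:
    """Return (class_name, line_number) for each ModelSerializer subclass whose
    create() override never calls set_unusable_password() or set_password()."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.ClassDef) and _is_model_serializer(node)):
            continue
        for item in node.body:
            if isinstance(item, ast.FunctionDef) and item.name == "create":
                if not _sets_password(item):
                    findings.append((node.name, item.lineno))
    return findings


if __name__ == "__main__":
    print("vulnerable:", find_uninitialized_password_creates(VULNERABLE_SRC))
    print("hardened:  ", find_uninitialized_password_creates(HARDENED_SRC))
```

Running the checker reports the `create()` at line 10 of the vulnerable snippet and nothing for the hardened one. The fix is deliberately `set_unusable_password()` rather than a made-up `set_password()` value: Django stores an unusable-password sentinel that `check_password()` always rejects, which is the behaviour the description asks for when no real credential is meant to exist.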