HIGH
Djangoproject
CVE published 2026-03-03
CVE-2026-25673
CVE-2026-25673 is a high-severity denial of service vulnerability affecting Django's URLField.to_python() function. The issue arises from the function's use of urllib.parse.urlsplit(), which performs NFKC normalization on Windows. This process is disproportionately slow for certain Unicode characters, allowing remote attackers to cause denial of service via large URL inputs containing these characters. Th [truncated]