CVE-2026-1207

Publication date 3 February 2026

Last updated 3 February 2026

Ubuntu priority

Description

Potential SQL injection via raster lookups on PostGIS

Status

Show unmaintained releases

Package	Ubuntu Release	Status
python-django	25.10 questing	Fixed 3:5.2.4-1ubuntu2.3
	24.04 LTS noble	Fixed 3:4.2.11-1ubuntu1.14
	22.04 LTS jammy	Fixed 2:3.2.12-2ubuntu1.25
	20.04 LTS focal	Fixed 2:2.2.12-1ubuntu0.29+esm7
	18.04 LTS bionic	Fixed 1:1.11.11-1ubuntu1.21+esm14
	16.04 LTS xenial	Not affected
	14.04 LTS trusty	Not affected

How can I get the fixes?
What do statuses mean?

Get expanded security coverage with Ubuntu Pro

Reduce your average CVE exposure time from 98 days to 1 day with expanded CVE patching, ten-years security maintenance and optional support for the full stack of open-source applications. Free for personal use.

Get Ubuntu Pro 30-day free trial

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-8009-1
Django vulnerabilities
3 February 2026

Other references

https://www.cve.org/CVERecord?id=CVE-2026-1207
https://www.djangoproject.com/weblog/2026/feb/03/security-releases/