diff --git a/CVE-2025-26699.patch b/CVE-2025-26699.patch
new file mode 100644
index 0000000000000000000000000000000000000000..f19385cd4da0560cb62cf51b561ddaf90c4eb5c2
--- /dev/null
+++ b/CVE-2025-26699.patch
@@ -0,0 +1,102 @@
+From 4f2765232336b8ad0afd8017d9d912ae93470017 Mon Sep 17 00:00:00 2001
+From: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
+Date: Tue, 25 Feb 2025 09:40:54 +0100
+Subject: [PATCH] [5.0.x] Fixed CVE-2025-26699 -- Mitigated potential DoS in
+ wordwrap template filter.
+
+Thanks sw0rd1ight for the report.
+
+Backport of 55d89e25f4115c5674cdd9b9bcba2bb2bb6d820b from main.
+---
+ django/utils/text.py                          | 28 +++++++------------
+ docs/releases/2.2.27.txt                      |  8 +++++-
+ .../filter_tests/test_wordwrap.py             | 11 ++++++++
+ 3 files changed, 28 insertions(+), 19 deletions(-)
+
+diff --git a/django/utils/text.py b/django/utils/text.py
+index 6631a00..c44d452 100644
+--- a/django/utils/text.py
++++ b/django/utils/text.py
+@@ -1,6 +1,7 @@
+ import html.entities
+ import re
+ import unicodedata
++import textwrap
+ from gzip import GzipFile
+ from io import BytesIO
+ 
+@@ -88,24 +89,15 @@ def wrap(text, width):
+     Don't wrap long words, thus the output text may have lines longer than
+     ``width``.
+     """
+-    def _generator():
+-        for line in text.splitlines(True):  # True keeps trailing linebreaks
+-            max_width = min((line.endswith('\n') and width + 1 or width), width)
+-            while len(line) > max_width:
+-                space = line[:max_width + 1].rfind(' ') + 1
+-                if space == 0:
+-                    space = line.find(' ') + 1
+-                    if space == 0:
+-                        yield line
+-                        line = ''
+-                        break
+-                yield '%s\n' % line[:space - 1]
+-                line = line[space:]
+-                max_width = min((line.endswith('\n') and width + 1 or width), width)
+-            if line:
+-                yield line
+-    return ''.join(_generator())
+-
++    wrapper = textwrap.TextWrapper(
++        width=width,
++        break_long_words=False,
++        break_on_hyphens=False,
++    )
++    result = []
++    for line in text.splitlines(True):
++        result.extend(wrapper.wrap(line))
++    return "\n".join(result)
+ 
+ class Truncator(SimpleLazyObject):
+     """
+diff --git a/docs/releases/2.2.27.txt b/docs/releases/2.2.27.txt
+index 688a482..f34bef8 100644
+--- a/docs/releases/2.2.27.txt
++++ b/docs/releases/2.2.27.txt
+@@ -4,7 +4,13 @@ Django 2.2.27 release notes
+ 
+ *February 1, 2022*
+ 
+-Django 2.2.27 fixes two security issues with severity "medium" in 2.2.26.
++Django 2.2.27 fixes three security issues with severity "medium" in 2.2.26.
++
++CVE-2025-26699: Potential denial-of-service vulnerability in ``django.utils.text.wrap()``
++=========================================================================================
++
++The ``wrap()`` and :tfilter:`wordwrap` template filter were subject to a
++potential denial-of-service attack when used with very long strings.
+ 
+ CVE-2022-22818: Possible XSS via ``{% debug %}`` template tag
+ =============================================================
+diff --git a/tests/template_tests/filter_tests/test_wordwrap.py b/tests/template_tests/filter_tests/test_wordwrap.py
+index 02f8605..f61842c 100644
+--- a/tests/template_tests/filter_tests/test_wordwrap.py
++++ b/tests/template_tests/filter_tests/test_wordwrap.py
+@@ -51,3 +51,14 @@ class FunctionTests(SimpleTestCase):
+             ), 14),
+             'this is a long\nparagraph of\ntext that\nreally needs\nto be wrapped\nI\'m afraid',
+         )
++
++    def test_wrap_long_text(self):
++        long_text = (
++            "this is a long paragraph of text that really needs"
++            " to be wrapped I'm afraid " * 20_000
++        )
++        self.assertIn(
++            "this is a\nlong\nparagraph\nof text\nthat\nreally\nneeds to\nbe wrapped\n"
++            "I'm afraid",
++            wordwrap(long_text, 10),
++        )
+-- 
+2.46.0
+
diff --git a/python-django.spec b/python-django.spec
index 5efff75a0eb349162e76273435116933eba853ac..713c3de2a7ce025c2fa37b382a3f1191103ac907 100644
--- a/python-django.spec
+++ b/python-django.spec
@@ -1,7 +1,7 @@
 %global _empty_manifest_terminate_build 0
 Name:		python-django
 Version:	2.2.27
-Release:	14
+Release:	15
 Summary:	A high-level Python Web framework that encourages rapid development and clean, pragmatic design.
 License:	Apache-2.0 and Python-2.0 and OFL-1.1 and MIT
 URL:		https://www.djangoproject.com/
@@ -38,6 +38,7 @@ Patch19:        CVE-2024-45230.patch
 Patch20:        CVE-2024-45231.patch
 Patch21:        CVE-2024-53907.patch
 Patch22:        CVE-2024-56374.patch
+Patch23:        CVE-2025-26699.patch
 
 BuildArch:	noarch
 %description
@@ -104,6 +105,12 @@ mv %{buildroot}/doclist.lst .
 %{_docdir}/*
 
 %changelog
+* Wed Mar 12 2025 changtao <changtao@kylinos.cn> - 2.2.27-15
+- Type:CVE
+- CVE:CVE-2025-26699
+- SUG:NA
+- DESC:fix CVE-2025-26699
+
 * Fri Jan 17 2025 caodongxia <caodongxia@h-partners.com> - 2.2.27-14
 - Fix CVE-2024-56374