ByteOS Network

CVE Vulnerability Details :

CVE-2026-40347

PUBLISHED

More Info Official Page

Assigner-GitHub_M

Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa

Published At-17 Apr, 2026 | 23:56

Updated At-17 Apr, 2026 | 23:56

▼CVE Numbering Authority (CNA)

Python-Multipart affected by Denial of Service via large multipart preamble or epilogue data

Python-Multipart is a streaming multipart parser for Python. Versions prior to 0.0.26 have a denial of service vulnerability when parsing crafted `multipart/form-data` requests with large preamble or epilogue sections. Upgrade to version 0.0.26 or later, which skips ahead to the next boundary candidate when processing leading CR/LF data and immediately discards epilogue data after the closing boundary.

Affected Products

Vendor

Kludex

Product

python-multipart

Versions

Affected

< 0.0.26

Problem Types

Type	CWE ID	Description
CWE	CWE-400	CWE-400: Uncontrolled Resource Consumption
CWE	CWE-834	CWE-834: Excessive Iteration

Type: CWE

CWE ID: CWE-400

Description: CWE-400: Uncontrolled Resource Consumption

Type: CWE

CWE ID: CWE-834

Description: CWE-834: Excessive Iteration

Metrics

Version	Base score	Base severity	Vector
3.1	5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Version: 3.1

Base score: 5.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

References

Hyperlink	Resource
https://github.com/Kludex/python-multipart/security/advisories/GHSA-mj87-hwqh-73pj	x_refsource_CONFIRM
https://github.com/Kludex/python-multipart/releases/tag/0.0.26	x_refsource_MISC

Hyperlink: https://github.com/Kludex/python-multipart/security/advisories/GHSA-mj87-hwqh-73pj

Resource:

x_refsource_CONFIRM

Hyperlink: https://github.com/Kludex/python-multipart/releases/tag/0.0.26

Resource:

x_refsource_MISC

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References