5.3
CVE-2026-40347
- EPSS 0.35%
- Veröffentlicht 18.04.2026 00:16:38
- Zuletzt bearbeitet 24.04.2026 16:51:19
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
LoginPython-Multipart affected by Denial of Service via large multipart preamble or epilogue data
Python-Multipart is a streaming multipart parser for Python. Versions prior to 0.0.26 have a denial of service vulnerability when parsing crafted `multipart/form-data` requests with large preamble or epilogue sections. Upgrade to version 0.0.26 or later, which skips ahead to the next boundary candidate when processing leading CR/LF data and immediately discards epilogue data after the closing boundary.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Fastapiexpert ≫ Python-multipart SwPlatformpython Version < 0.0.26
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.35% | 0.267 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security-advisories@github.com | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
|
CWE-400 Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
CWE-834 Excessive Iteration
The product performs an iteration or loop without sufficiently limiting the number of times that the loop is executed.
https://github.com/Kludex/python-multipart/releases/tag/0.0.26
https://github.com/Kludex/python-multipart/security/advisories/GHSA-mj87-hwqh-73pj