5.3
Python Multipart Software Can Be Slowed Down by Malicious File Uploads
GHSA-mj87-hwqh-73pj
CVE-2026-40347
Summary
The python-multipart library can be slowed down by crafted `multipart/form-data` uploads that carry a large preamble or epilogue section, which makes it harder for legitimate users to access the system. The issue lies in how the parser handles data before the first boundary and after the closing boundary, and it is fixed by upgrading to version 0.0.26 or later.
What to do
- Update python-multipart to version 0.0.26.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| pip | – | python-multipart | < 0.0.26 (fix: upgrade to 0.0.26) |
Original title
Python-Multipart is a streaming multipart parser for Python. Versions prior to 0.0.26 have a denial of service vulnerability when parsing crafted `multipart/form-data` requests with large preamble ...
Original description
Python-Multipart is a streaming multipart parser for Python. Versions prior to 0.0.26 have a denial of service vulnerability when parsing crafted `multipart/form-data` requests with large preamble or epilogue sections. Upgrade to version 0.0.26 or later, which skips ahead to the next boundary candidate when processing leading CR/LF data and immediately discards epilogue data after the closing boundary.
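One way to triage logged or buffered request bodies for the condition described above, as an added example (not code from python-multipart or from the advisory): it measures how many bytes sit before the first boundary and after the closing boundary. The function names, the 1024-byte limit, and the sample bodies are assumptions made for illustration.

```python
import re
from email.message import Message

# Assumed policy threshold (not from the advisory): bytes tolerated outside the parts.
MAX_PADDING_BYTES = 1024


def boundary_from_content_type(content_type: str) -> bytes:
    """Extract the boundary parameter from a Content-Type header value."""
    msg = Message()
    msg["Content-Type"] = content_type
    boundary = msg.get_boundary()
    if not boundary:
        raise ValueError("no multipart boundary in Content-Type")
    return boundary.encode("latin-1")


def measure_padding(body: bytes, boundary: bytes) -> dict:
    """Count preamble and epilogue bytes in a fully buffered multipart body."""
    delim = rb"(?:\A|\r\n)--" + re.escape(boundary)
    first = re.search(delim + rb"(?=--|[ \t]*\r\n)", body)
    if first is None:
        # No delimiter at all: every byte is preamble the parser must scan.
        return {"preamble": len(body), "epilogue": 0, "closed": False}
    # Bytes before the first "--boundary" line, leading CR/LF included.
    preamble = first.end() - len(b"--" + boundary)
    close = re.compile(delim + rb"--").search(body, first.start())
    if close is None:
        return {"preamble": preamble, "epilogue": 0, "closed": False}
    return {"preamble": preamble, "epilogue": len(body) - close.end(), "closed": True}


def is_suspicious(body: bytes, content_type: str, limit: int = MAX_PADDING_BYTES) -> bool:
    """Flag bodies whose preamble or epilogue exceeds the assumed limit."""
    sizes = measure_padding(body, boundary_from_content_type(content_type))
    return max(sizes["preamble"], sizes["epilogue"]) > limit


# Constructed sample bodies (not captured traffic), kept small on purpose.
CT = "multipart/form-data; boundary=XbOuNdArY"
NORMAL = b'--XbOuNdArY\r\nContent-Disposition: form-data; name="f"\r\n\r\nhello\r\n--XbOuNdArY--\r\n'
PADDED = b"\r\n" * 2000 + NORMAL + b"x" * 5000

if __name__ == "__main__":
    for name, body in (("normal", NORMAL), ("padded", PADDED)):
        print(name, measure_padding(body, b"XbOuNdArY"), is_suspicious(body, CT))
```

This helps spot requests of the described shape in logs or at a buffering proxy; the fix itself remains the upgrade to 0.0.26 or later.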
ghsa CVSS3.1
5.3
Vulnerability type
CWE-400
Uncontrolled Resource Consumption
CWE-834
Published: 18 Apr 2026 · Updated: 18 Apr 2026 · First seen: 15 Apr 2026