Performance Degradation Issue in Django Framework
CVE-2026-33033

6.5MEDIUM

Key Information:

Vendor

Djangoproject

Status
Django
Vendor
CVE Published:
7 April 2026

What is CVE-2026-33033?

The Django Framework suffers from a vulnerability in the MultiPartParser component, allowing remote attackers to significantly degrade application performance. This issue arises when attackers submit multipart uploads with 'Content-Transfer-Encoding: base64' that contain excessive whitespace. Although recent versions have been patched, earlier unsupported versions of Django may also be at risk, emphasizing the importance of regular updates and monitoring.

Affected Version(s)

Django 6.0 < 6.0.4

Django 5.2 < 5.2.13

Django 4.2 < 4.2.30

References

https://docs.djangoproject.com/en/dev/releases/security/
vendor-advisory
https://groups.google.com/g/django-announce
mailing-list
https://www.djangoproject.com/weblog/2026/apr/07/security...
vendor-advisory

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Seokchan Yoon
Natalia Bidart
Jacob Walls
.