Denial of Service Vulnerability in Python-Multipart by Kludex
CVE-2026-40347

5.3MEDIUM

Key Information:

Vendor: Kludex
Status: Python-multipart
Vendor: CVE Published:; 17 April 2026

What is CVE-2026-40347?

The Python-Multipart library, designed for parsing multipart data in Python applications, has a vulnerability that could lead to denial of service. Specifically, versions earlier than 0.0.26 are at risk when handling specially crafted multipart/form-data requests containing large preamble or epilogue sections. Attackers can exploit this vulnerability to disrupt service by sending carefully crafted data. To mitigate this issue, it's crucial for users to upgrade to version 0.0.26 or later, as the update improves the handling of leading CR/LF data and ensures epilogue data is effectively discarded post-processing.

Affected Version(s)

python-multipart < 0.0.26

References

https://github.com/Kludex/python-multipart/security/advis...

x_refsource_CONFIRM

https://github.com/Kludex/python-multipart/releases/tag/0...

x_refsource_MISC

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 17, 2026
Vulnerability Reserved
Apr 10, 2026

CVE-2026-40347 Data

JSON