Streaming Multipart Parser Vulnerability in Python-Multipart by Kludex
CVE-2026-53537

3.7 LOW

Key Information:

Vendor: Kludex

CVE Published: 22 June 2026

What is CVE-2026-53537?

A vulnerability exists in the Python-Multipart streaming multipart parser: versions before 0.0.30 parse Content-Disposition and Content-Type headers improperly, so maliciously crafted headers can be misinterpreted. An attacker can exploit this flaw to bypass security measures in components that adhere to RFC 7578. By leveraging the difference between how those components and the parser interpret the same headers, a malicious actor might smuggle unintended data to the backend server, potentially leading to unauthorized actions or data exposure.

Affected Version(s)

python-multipart < 0.0.30
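
A way to check requirement pins against the affected range above, as an added example (not code from the advisory or from the python-multipart project). The requirement lines are constructed sample input, and comparing only the numeric release segment (ignoring pre/post-release suffixes) is a simplifying assumption.

```python
import re

PACKAGE = "python-multipart"   # package named in the advisory
FIXED = (0, 0, 30)             # first fixed release per the advisory

def normalize(name):
    """PEP 503 normalization: runs of '-', '_', '.' become one dash, lowercased."""
    return re.sub(r"[-_.]+", "-", name).lower()

def release_tuple(version):
    """Numeric release segment only; suffixes such as .post1 are ignored (assumption)."""
    m = re.match(r"\d+(?:\.\d+)*", version)
    return tuple(int(p) for p in m.group(0).split(".")) if m else None

NAME = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")
# name, optional [extras], then an exact '==' pin up to whitespace, ';' or '#'
PIN = re.compile(r"^\s*[A-Za-z0-9][A-Za-z0-9._-]*\s*(?:\[[^\]]*\])?\s*==\s*([^\s;#]+)")

def audit(lines):
    """Return (line number, status, version) for every line naming the package.

    status is 'affected' (< 0.0.30), 'fixed' (>= 0.0.30) or 'unpinned'
    (range, wildcard or bare name: resolve the installed version separately).
    """
    findings = []
    for lineno, line in enumerate(lines, 1):
        name = NAME.match(line)          # comment lines never match
        if not name or normalize(name.group(1)) != PACKAGE:
            continue
        pin = PIN.match(line)
        rel = release_tuple(pin.group(1)) if pin and "*" not in pin.group(1) else None
        if rel is None:
            findings.append((lineno, "unpinned", None))
        else:
            status = "affected" if rel < FIXED else "fixed"
            findings.append((lineno, status, pin.group(1)))
    return findings

# Constructed requirements file for illustration
SAMPLE = """\
example-app-dep==1.2.3
python-multipart==0.0.9
Python_Multipart[extra]==0.0.30 ; python_version >= "3.8"
python.multipart>=0.0.5
# python-multipart==0.0.1
""".splitlines()

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
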

CVSS V3.1

Score: 3.7
Severity: LOW
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved