Memory Handling Vulnerability in Python-Multipart by Kludex
CVE-2026-53540
3.7 LOW
What is CVE-2026-53540?
The Python-Multipart library, used for handling multipart requests in Python, has a memory handling vulnerability: the parse_form() function does not properly validate the Content-Length header before processing. A negative Content-Length value can turn the bounded read operation into a read-until-EOF, so the entire body is loaded into memory in a single unchunked read. This can lead to significant memory consumption and may exhaust the system's resources. The issue has been fixed in version 0.0.31.
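The mechanism described above, shown as an added illustration that is not python-multipart's own code: a chunked read loop that trusts the declared length, beside the same loop with the header validated first. The function names, the 64 KiB chunk size and the sample body are assumptions made for this example.

```python
import io

CHUNK_SIZE = 64 * 1024  # assumed chunk size for this illustration
BODY = b"x" * (5 * CHUNK_SIZE)  # constructed sample request body


def read_unchecked(stream, content_length, chunk_size=CHUNK_SIZE):
    """Chunked read that trusts content_length; returns the size of each read."""
    sizes, bytes_read = [], 0
    while True:
        # A negative content_length makes this argument negative, and a
        # file-like read(n) with n < 0 means "read until EOF".
        chunk = stream.read(min(content_length - bytes_read, chunk_size))
        if not chunk:
            break
        sizes.append(len(chunk))
        bytes_read += len(chunk)
    return sizes


def parse_content_length(header_value):
    """Accept only a plain non-negative decimal integer."""
    value = header_value.strip()
    if not (value.isascii() and value.isdigit()):
        raise ValueError(f"invalid Content-Length: {header_value!r}")
    return int(value)


def read_checked(stream, header_value, chunk_size=CHUNK_SIZE):
    """Validate the header first, then run the same bounded loop."""
    return read_unchecked(stream, parse_content_length(header_value), chunk_size)


if __name__ == "__main__":
    print(read_unchecked(io.BytesIO(BODY), -1))      # one read of the whole body
    print(read_checked(io.BytesIO(BODY), "131072"))  # two 64 KiB reads
    try:
        read_checked(io.BytesIO(BODY), "-1")
    except ValueError as exc:
        print("rejected:", exc)
```

With a valid length every read is capped at the chunk size; with -1 the unchecked loop performs one read the size of the whole body, which is the unchunked allocation the advisory describes.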
Affected Version(s)
python-multipart < 0.0.31
