CVE-2026-40347— Python-Multipart affected by Denial of Service via large multipart preamble or epilogue data
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-40347
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Python-Multipart affected by Denial of Service via large multipart preamble or epilogue data
Source: NVD (National Vulnerability Database)
Vulnerability Description
Python-Multipart is a streaming multipart parser for Python. Versions prior to 0.0.26 have a denial of service vulnerability when parsing crafted `multipart/form-data` requests with large preamble or epilogue sections. Upgrade to version 0.0.26 or later, which skips ahead to the next boundary candidate when processing leading CR/LF data and immediately discards epilogue data after the closing boundary.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Source: NVD (National Vulnerability Database)
Vulnerability Title
python-multipart 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
python-multipart是Marcelo Trylesinski个人开发者的一个Python的流式多部分解析器。 Python-Multipart 0.0.26之前版本存在安全漏洞,该漏洞源于解析特制的multipart/form-data请求时,大型前导或结尾部分可能导致拒绝服务。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Kludex | python-multipart | < 0.0.26 | - |
II. Public POCs for CVE-2026-40347
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-40347
请登录查看更多情报信息。
- Release Version 0.0.26 · Kludex/python-multipart · GitHubx_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2026-40347
IV. Related Vulnerabilities
Same vendor: Kludex
Same weakness: CWE-400
- CVE-2026-8187
Open5GS UPF gtp-path.c _gtpv1_u_recv_cb resource consumption - CVE-2026-42343
FastGPT: Uncontrolled Resource Consumption leading to Sandbo - CVE-2026-42212
SolidCAM-GPPL-IDE: XML External Entity (XXE) and billion-lau - CVE-2026-32686
Unbounded exponent in decimal enables unauthenticated DoS - CVE-2026-20188
Cisco Crosswork Network Controller and Cisco Network Service
V. Comments for CVE-2026-40347
No comments yet