High severity7.5NVD Advisory· Published May 13, 2026· Updated May 14, 2026

CVE-2026-42561

Description

Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.27, python-multipart has a denial of service vulnerability in multipart part header parsing. When parsing multipart/form-data, MultipartParser previously had no limit on the number of part headers or the size of an individual part header. An attacker could send a request with either many repeated headers without terminating the header block or a single very large header value, causing excessive CPU work before request rejection or completion. This vulnerability is fixed in 0.0.27.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-pp6c-gr5w-3c5gghsaADVISORY
github.com/Kludex/python-multipart/security/advisories/GHSA-pp6c-gr5w-3c5gnvd
nvd.nist.gov/vuln/detail/CVE-2026-42561ghsa

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000