CVE-2026-33033: CWE-407: Inefficient Algorithmic Complexity in djangoproject Django
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. `MultiPartParser` allows remote attackers to degrade performance by submitting multipart uploads with `Content-Transfer-Encoding: base64` including excessive whitespace. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Seokchan Yoon for reporting this issue.
AI Analysis
Technical Summary
This vulnerability involves inefficient algorithmic complexity (CWE-407) in the MultiPartParser of Django web framework versions 6.0 (before 6.0.4), 5.2 (before 5.2.13), and 4.2 (before 4.2.30). Attackers can submit multipart uploads with base64 encoding containing excessive whitespace, causing performance degradation. The issue was reported by Seokchan Yoon. Unsupported earlier Django versions have not been evaluated but may be vulnerable. No CVSS score or official remediation level is currently available.
Potential Impact
The impact is a potential denial of service through performance degradation by remote attackers submitting specially crafted multipart uploads. There is no indication of code execution or data breach. No known exploits in the wild have been reported.
Mitigation Recommendations
Patch status is not yet confirmed — check the official Django vendor advisory for current remediation guidance. Users should monitor for updates and apply official patches once available. Until then, consider limiting multipart upload sizes or applying custom input validation to mitigate excessive whitespace in base64 encoded multipart data.
CVE-2026-33033: CWE-407: Inefficient Algorithmic Complexity in djangoproject Django
Description
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. `MultiPartParser` allows remote attackers to degrade performance by submitting multipart uploads with `Content-Transfer-Encoding: base64` including excessive whitespace. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Seokchan Yoon for reporting this issue.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability involves inefficient algorithmic complexity (CWE-407) in the MultiPartParser of Django web framework versions 6.0 (before 6.0.4), 5.2 (before 5.2.13), and 4.2 (before 4.2.30). Attackers can submit multipart uploads with base64 encoding containing excessive whitespace, causing performance degradation. The issue was reported by Seokchan Yoon. Unsupported earlier Django versions have not been evaluated but may be vulnerable. No CVSS score or official remediation level is currently available.
Potential Impact
The impact is a potential denial of service through performance degradation by remote attackers submitting specially crafted multipart uploads. There is no indication of code execution or data breach. No known exploits in the wild have been reported.
Mitigation Recommendations
Patch status is not yet confirmed — check the official Django vendor advisory for current remediation guidance. Users should monitor for updates and apply official patches once available. Until then, consider limiting multipart upload sizes or applying custom input validation to mitigate excessive whitespace in base64 encoded multipart data.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- DSF
- Date Reserved
- 2026-03-17T17:36:23.992Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69d51c3baaed68159a2c14e5
Added to database: 4/7/2026, 3:01:15 PM
Last enriched: 4/7/2026, 3:18:45 PM
Last updated: 4/8/2026, 12:46:52 AM
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.