CVE-2026-42561: CWE-770: Allocation of Resources Without Limits or Throttling in Kludex python-multipart
Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.27, python-multipart has a denial of service vulnerability in multipart part header parsing. When parsing multipart/form-data, MultipartParser previously had no limit on the number of part headers or the size of an individual part header. An attacker could send a request with either many repeated headers without terminating the header block or a single very large header value, causing excessive CPU work before request rejection or completion. This vulnerability is fixed in 0.0.27.
AI Analysis
Technical Summary
The python-multipart library versions before 0.0.27 contain a denial of service vulnerability (CWE-770) due to lack of limits on the number and size of multipart part headers when parsing multipart/form-data. This allows an attacker to cause excessive CPU usage by sending requests with numerous repeated headers or very large header values, potentially leading to service unavailability. The vulnerability is addressed in python-multipart version 0.0.27.
Potential Impact
Exploitation of this vulnerability can cause denial of service by exhausting CPU resources during multipart/form-data parsing. There is no impact on confidentiality or integrity. No known exploits are reported in the wild at this time.
Mitigation Recommendations
Upgrade python-multipart to version 0.0.27 or later, where this vulnerability is fixed. Since the vulnerability is resolved in this version, applying this update is the recommended remediation. Patch status is confirmed by the version fix information. No additional mitigations are specified.
CVE-2026-42561: CWE-770: Allocation of Resources Without Limits or Throttling in Kludex python-multipart
Description
Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.27, python-multipart has a denial of service vulnerability in multipart part header parsing. When parsing multipart/form-data, MultipartParser previously had no limit on the number of part headers or the size of an individual part header. An attacker could send a request with either many repeated headers without terminating the header block or a single very large header value, causing excessive CPU work before request rejection or completion. This vulnerability is fixed in 0.0.27.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The python-multipart library versions before 0.0.27 contain a denial of service vulnerability (CWE-770) due to lack of limits on the number and size of multipart part headers when parsing multipart/form-data. This allows an attacker to cause excessive CPU usage by sending requests with numerous repeated headers or very large header values, potentially leading to service unavailability. The vulnerability is addressed in python-multipart version 0.0.27.
Potential Impact
Exploitation of this vulnerability can cause denial of service by exhausting CPU resources during multipart/form-data parsing. There is no impact on confidentiality or integrity. No known exploits are reported in the wild at this time.
Mitigation Recommendations
Upgrade python-multipart to version 0.0.27 or later, where this vulnerability is fixed. Since the vulnerability is resolved in this version, applying this update is the recommended remediation. Patch status is confirmed by the version fix information. No additional mitigations are specified.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-04-28T16:56:50.192Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a04e7d1cbff5d86100a84f7
Added to database: 5/13/2026, 9:06:25 PM
Last enriched: 5/13/2026, 9:22:00 PM
Last updated: 5/14/2026, 6:46:38 AM
Views: 6
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.