PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-42561 Kludex CVE debrief

CVE-2026-42561 is a denial of service vulnerability in the Python-Multipart library. The vulnerability exists in versions prior to 0.0.27 and is caused by a lack of limits on the number of part headers or the size of an individual part header when parsing multipart/form-data. An attacker could exploit this vulnerability by sending a request with many repeated headers or a single large header value, causing excessive CPU work before the request is rejected or completed. The vulnerability was fixed in version 0.0.27. Users of Python-Multipart should update to the latest version to mitigate this vulnerability. The CVSS score for this vulnerability is 7.5, indicating a high severity.

Vendor: Kludex
Product: python-multipart
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-13
Original CVE updated: 2026-06-30
Advisory published: 2026-05-13
Advisory updated: 2026-06-30

Who should care

Developers and administrators using the Python-Multipart library in their applications should be aware of this vulnerability and take steps to mitigate it. This includes updating to version 0.0.27 or later and reviewing their applications for potential exposure. Additionally, users of Red Hat products may be affected, as indicated by the presence of Red Hat references in the vulnerability data.

Technical summary

The Python-Multipart library is vulnerable to a denial of service attack due to a lack of limits on the number of part headers or the size of an individual part header. This vulnerability can be exploited by sending a request with many repeated headers or a single large header value, causing excessive CPU work. The vulnerability is fixed in version 0.0.27. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating a high severity vulnerability that can be exploited remotely with low attack complexity.

Defensive priority

High priority should be given to updating the Python-Multipart library to version 0.0.27 or later. Additionally, administrators should review their applications for potential exposure and consider implementing compensating controls to mitigate the vulnerability.

Recommended defensive actions

  • Update the Python-Multipart library to version 0.0.27 or later
  • Review applications for potential exposure to the vulnerability
  • Consider implementing compensating controls to mitigate the vulnerability
  • Monitor for suspicious activity that may indicate exploitation of the vulnerability
  • Review and update incident response plans to address potential denial of service attacks
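The technical summary above describes the defect as missing limits on the number of part headers and on the size of an individual part header. The following is an added example of the kind of compensating control the actions list refers to: a linear pre-scan of a multipart/form-data body that rejects a part whose header block exceeds a header count or header-line size limit before the body is handed to the parser. It is not code from python-multipart; the limit values, the function names and the constructed request bodies are assumptions for illustration.

```python
import re

# Assumed limits for this example; python-multipart 0.0.27 enforces its own.
MAX_HEADERS_PER_PART = 16
MAX_HEADER_LINE_BYTES = 8 * 1024


class MultipartLimitError(ValueError):
    """Raised when a body exceeds the per-part header limits."""


def extract_boundary(content_type: str) -> bytes:
    """Pull the boundary parameter out of a Content-Type header value."""
    match = re.search(r'boundary="?([^";]+)"?', content_type)
    if not match:
        raise MultipartLimitError("multipart Content-Type without boundary")
    return match.group(1).encode("ascii")


def check_part_headers(body: bytes, boundary: bytes,
                       max_headers: int = MAX_HEADERS_PER_PART,
                       max_header_bytes: int = MAX_HEADER_LINE_BYTES) -> dict:
    """Scan each part's header block and reject oversized or over-numerous headers.

    Returns summary statistics when the body is within limits. This is a single
    pass over the bytes (split + partition); it does not decode the parts.
    """
    delimiter = b"--" + boundary
    chunks = body.split(delimiter)
    if len(chunks) < 2:
        raise MultipartLimitError("no boundary delimiter found in body")
    stats = {"parts": 0, "max_headers": 0, "max_header_bytes": 0}
    for chunk in chunks[1:]:
        if chunk.startswith(b"--"):
            break  # closing delimiter "--boundary--": no more parts
        if chunk.startswith(b"\r\n"):
            chunk = chunk[2:]
        head, terminator, _ = chunk.partition(b"\r\n\r\n")
        if not terminator:
            # A header block that never ends is the shape of one huge header value.
            raise MultipartLimitError("part header block has no terminator")
        lines = head.split(b"\r\n") if head else []
        if len(lines) > max_headers:
            raise MultipartLimitError(
                f"part has {len(lines)} headers (limit {max_headers})")
        longest = max((len(line) for line in lines), default=0)
        if longest > max_header_bytes:
            raise MultipartLimitError(
                f"header line of {longest} bytes (limit {max_header_bytes})")
        stats["parts"] += 1
        stats["max_headers"] = max(stats["max_headers"], len(lines))
        stats["max_header_bytes"] = max(stats["max_header_bytes"], longest)
    return stats


def build_body(boundary: bytes, parts: list) -> bytes:
    """Assemble a constructed multipart body from (headers, payload) tuples (test data)."""
    out = b""
    for headers, payload in parts:
        out += b"--" + boundary + b"\r\n"
        out += b"".join(h + b"\r\n" for h in headers)
        out += b"\r\n" + payload + b"\r\n"
    return out + b"--" + boundary + b"--\r\n"


if __name__ == "__main__":
    boundary = extract_boundary("multipart/form-data; boundary=example1234")
    good = build_body(boundary, [
        ([b'Content-Disposition: form-data; name="field"'], b"hello"),
    ])
    print(check_part_headers(good, boundary))
    # Constructed body with one part carrying a flood of repeated headers.
    flood = build_body(boundary, [([b"X-Repeat: a"] * 1000, b"x")])
    try:
        check_part_headers(flood, boundary)
    except MultipartLimitError as exc:
        print("rejected:", exc)
```

In a real deployment this check would run in middleware (or at a reverse proxy that already buffers the body) and the request would be rejected with a 4xx before the multipart parser sees it; the returned statistics are also useful as a detection signal, since a legitimate upload rarely has more than a handful of headers per part.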

Evidence notes

The vulnerability data includes references to the Python-Multipart GitHub repository and Red Hat security advisories. The CVSS score and vector are also provided, indicating a high severity vulnerability. However, the exact scope of affected systems and the potential impact are not explicitly stated, and further investigation may be necessary to fully understand the vulnerability.

Official resources

This article was generated with AI assistance and is based on the supplied source corpus.