PatchSiren cyber security CVE debrief
CVE-2026-42561 Kludex CVE debrief
CVE-2026-42561 is a denial-of-service vulnerability in python-multipart, the Python multipart/form-data parsing library published by Kludex. Versions before 0.0.27 place no limit on the number of headers a single part may carry or on the size of an individual part header. An attacker can therefore send a multipart request containing many repeated part headers, or one very large header value, and the parser performs excessive CPU work before the request is rejected or completed. The issue is fixed in 0.0.27, and users should upgrade to 0.0.27 or later. The CVSS 3.1 base score is 7.5 (High).
- Vendor: Kludex
- Product: python-multipart
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-13
- Original CVE updated: 2026-06-30
- Advisory published: 2026-05-13
- Advisory updated: 2026-06-30
Who should care
Developers and administrators running applications that parse multipart/form-data with python-multipart should treat this as actionable: upgrade to 0.0.27 or later and review which endpoints accept multipart bodies from untrusted clients. Note that python-multipart is commonly pulled in as a transitive dependency (Starlette and FastAPI, for example, use it for form parsing), so an application can be exposed without listing the package in its own requirements. Users of Red Hat products may also be affected, as indicated by the Red Hat security advisory references in the stored vulnerability data.
Technical summary
python-multipart before 0.0.27 does not bound either the number of headers in a multipart part or the size of an individual part header. A request carrying many repeated part headers, or a single part header with a very large value, forces the parser to do CPU work proportional to the attacker-supplied input before the request is rejected or completed, which exhausts worker capacity. The fix in 0.0.27 introduces limits so that oversized or over-numerous part headers are rejected early. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H: reachable over the network, low attack complexity, no privileges or user interaction required, unchanged scope, and no confidentiality or integrity impact, with a high availability impact. In practice any unauthenticated client that can reach a multipart endpoint can trigger it.
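To make the defect class concrete, here is an added example written for this debrief (it is not python-multipart's own code) of a part-header parser in two modes: unbounded, which mirrors the behaviour the advisory describes, and capped, which refuses as soon as a header-count or header-size limit would be crossed. The cap names, their values and the constructed sample parts are assumptions for illustration; the library's real option names and defaults are not stated in the stored evidence.

```python
# Illustrative multipart part-header parser, unbounded vs. capped.
# Added example, not python-multipart's code; the cap names below are
# assumptions, not the library's option names.
from __future__ import annotations

CRLF = b"\r\n"
MAX_PART_HEADERS = 32        # assumed cap on header lines per part
MAX_PART_HEADER_SIZE = 8192  # assumed cap on bytes in one header line


class PartHeaderLimitExceeded(ValueError):
    """Raised by the capped parser; `scanned` is how many bytes it looked at."""

    def __init__(self, msg: str, scanned: int) -> None:
        super().__init__(msg)
        self.scanned = scanned


def parse_part_headers(
    block: bytes, *, max_headers: int | None = None, max_header_size: int | None = None
) -> tuple[list[tuple[str, str]], int]:
    """Parse one part's header lines; return (headers, offset where the body starts).

    `block` begins right after the part's boundary line. With both caps None this
    is the unbounded behaviour: every line is fully scanned and stored. With caps
    set, no line is scanned beyond max_header_size and at most max_headers lines
    are accepted, so work before rejection is bounded whatever the input length.
    """
    headers: list[tuple[str, str]] = []
    pos = 0
    while True:
        if max_header_size is None:
            end = block.find(CRLF, pos)
        else:
            # Search for the terminator only within the cap: never walk a
            # multi-megabyte line just to learn that it is too long.
            end = block.find(CRLF, pos, pos + max_header_size + len(CRLF))
            if end == -1 and len(block) - pos > max_header_size:
                raise PartHeaderLimitExceeded(
                    f"part header longer than {max_header_size} bytes",
                    scanned=min(len(block), pos + max_header_size + len(CRLF)),
                )
        if end == -1:
            raise ValueError("part headers not terminated by an empty line")
        line = block[pos:end]
        pos = end + len(CRLF)
        if not line:
            return headers, pos  # empty line ends the headers; body starts at pos
        if max_headers is not None and len(headers) >= max_headers:
            raise PartHeaderLimitExceeded(
                f"more than {max_headers} headers in one part", scanned=pos
            )
        name, sep, value = line.partition(b":")
        if not sep or not name.strip():
            raise ValueError("malformed part header line")
        headers.append((name.strip().decode("latin-1").lower(),
                        value.strip().decode("latin-1")))


def build_part(headers: list[tuple[bytes, bytes]], body: bytes = b"x") -> bytes:
    """Constructed sample input: one part's header block followed by its body."""
    return b"".join(n + b": " + v + CRLF for n, v in headers) + CRLF + body


# Constructed samples: a benign file-upload part and two hostile ones.
NORMAL_PART = build_part(
    [(b"Content-Disposition", b'form-data; name="file"; filename="a.txt"'),
     (b"Content-Type", b"text/plain")],
    body=b"hello",
)


def many_headers_part(count: int) -> bytes:
    """Hostile: one small header repeated `count` times."""
    return build_part([(b"X-Repeat", b"a")] * count)


def huge_header_part(size: int) -> bytes:
    """Hostile: a single header whose value is `size` bytes long."""
    return build_part([(b"X-Big", b"a" * size)])


def capped_scan(block: bytes) -> tuple[bool, int]:
    """Run the capped parser; return (accepted, bytes scanned before the verdict)."""
    try:
        _, consumed = parse_part_headers(
            block, max_headers=MAX_PART_HEADERS, max_header_size=MAX_PART_HEADER_SIZE
        )
        return True, consumed
    except PartHeaderLimitExceeded as exc:
        return False, exc.scanned
```

Running `parse_part_headers(many_headers_part(10_000))` or `parse_part_headers(huge_header_part(1_000_000))` walks and stores the whole input before anything can happen, which is the cost the attacker is buying. `capped_scan` on the same inputs stops after a few hundred bytes (repeated headers) or just over 8 KiB (one huge header) regardless of request size, because the terminator search is bounded before the line is read and the count is checked before another line is stored. That ordering, not merely the existence of a limit, is what makes a cap an effective fix.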
Defensive priority
High priority should be given to updating python-multipart to 0.0.27 or later. The vulnerability is reachable by unauthenticated network clients with no user interaction, so any internet-facing service that parses multipart/form-data with an affected version can be degraded at will. Until the upgrade is deployed everywhere, administrators should review applications for exposure and consider compensating controls such as capping request body size in front of the application, which bounds (but does not eliminate) the work a single request can force.
Recommended defensive actions
- Update python-multipart to 0.0.27 or later, including where it arrives as a transitive dependency (check lock files and built container images, not only direct requirements)
- Review applications for exposure: any endpoint that accepts multipart/form-data from untrusted clients can be targeted, since the attack needs no credentials or user interaction
- Where an immediate upgrade is not possible, add compensating controls: cap the request body size for multipart endpoints at the reverse proxy or web server so that the work an unauthenticated request can force is bounded
- Monitor for activity that may indicate exploitation: bursts of multipart requests with unusually large bodies, and worker CPU saturation or request timeouts on upload endpoints
- Review and update incident response plans to address application-layer denial of service, including how to identify and throttle the offending source
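The first two actions above reduce to a version gate. The check below is an added example written for this debrief (not a tool from the project or vendor); the only fact it takes from the advisory is that the fix landed in 0.0.27. Treating pre-releases of 0.0.27 as still affected is a conservative choice made here, not something the stored evidence states.

```python
# Exposure check for CVE-2026-42561: is the installed python-multipart fixed?
# Added example for this debrief, not a tool from the project or vendor.
from __future__ import annotations

import re
from importlib.metadata import PackageNotFoundError, version

FIXED_VERSION = (0, 0, 27)  # first fixed release per the advisory
_PRERELEASE_TAGS = ("a", "b", "rc", "dev")


def parse_version(text: str) -> tuple[tuple[int, ...], bool]:
    """Return (numeric release components, is_prerelease).

    Handles the common forms: '0.0.26', '0.0.27', '0.0.27rc1', '0.0.27.dev0',
    '0.1.0.post1'. A pre-release of the fixed version is not the fixed version.
    """
    numbers: list[int] = []
    prerelease = False
    for piece in text.strip().split("."):
        m = re.match(r"^(\d+)([A-Za-z].*)?$", piece)
        if m is None:
            # A dotted tag such as 'dev0' or 'post1' ends the numeric part.
            if piece.lower().startswith(_PRERELEASE_TAGS):
                prerelease = True
            break
        numbers.append(int(m.group(1)))
        if m.group(2) and m.group(2).lower().startswith(_PRERELEASE_TAGS):
            prerelease = True  # e.g. '27rc1'
            break
    return tuple(numbers), prerelease


def is_fixed(text: str) -> bool:
    """True if `text` names a release at or above 0.0.27 (pre-releases excluded)."""
    numbers, prerelease = parse_version(text)
    if not numbers:
        raise ValueError(f"unparseable version: {text!r}")
    # Pad so that '0.1' compares as (0, 1, 0) against (0, 0, 27).
    numbers = numbers + (0,) * (len(FIXED_VERSION) - len(numbers))
    if numbers > FIXED_VERSION:
        return True
    return numbers == FIXED_VERSION and not prerelease


def installed_status(dist: str = "python-multipart") -> str:
    """Report the locally installed distribution against the fix version."""
    try:
        found = version(dist)
    except PackageNotFoundError:
        return f"{dist}: not installed in this environment"
    if is_fixed(found):
        return f"{dist} {found}: fixed"
    return f"{dist} {found}: AFFECTED by CVE-2026-42561, upgrade to >= 0.0.27"


if __name__ == "__main__":
    print(installed_status())
```

Run it inside each virtual environment or container image that serves the application, since `importlib.metadata` only sees what is installed there; a clean result on a developer machine says nothing about the deployed image.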
Evidence notes
The stored vulnerability data includes references to the python-multipart GitHub repository and to Red Hat security advisories, together with the CVSS score and vector, which rate the issue High on availability impact alone. It does not enumerate affected downstream products or quantify the impact beyond that rating, so the set of exposed deployments has to be established per environment by locating every install of python-multipart below 0.0.27 that parses untrusted multipart input.
Official resources
- CVE-2026-42561 CVE record (CVE.org)
- CVE-2026-42561 NVD detail (NVD)
- Source item URL: nvd_modified
- Source reference: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
This article was generated with AI assistance and is based on the supplied source corpus.