Bug 2459381 (CVE-2026-40347)
| Summary: | CVE-2026-40347 python-multipart: Python-Multipart: Denial of Service via crafted multipart/form-data requests | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | alinfoot, anpicker, anthomas, aprice, bbrownin, bparees, caswilli, dfreiber, drow, dschmidt, dtrifiro, ebourniv, ehelms, erezende, ggainey, hasun, ilpinto, jburrell, jdobes, jfula, jkoehler, jlanda, jowilson, jsamir, juwatts, jwong, kaycoth, kshier, lgallett, lphiri, ltomasbo, mbarnett, mhayden, mhulan, nmoumoul, nyancey, oezr, omaciel, ometelka, orabin, osousa, pcreech, ptisnovs, rbryant, rchan, rjohnson, sbunciak, sdoran, simaishi, smallamp, smcdonal, stcannon, syedriko, teagle, tmalecek, ttakamiy, vkumar, weaton, xdharmai, yguenane, ykashtan |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
A flaw was found in Python-Multipart, a tool for processing web form data. A remote attacker could exploit this vulnerability by sending specially crafted web requests. These requests, containing unusually large sections of data before or after the main content, could cause the system to become unresponsive. This leads to a denial of service, preventing legitimate users from accessing the service.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
OSIDB Bzimport
2026-04-18 01:01:28 UTC
|