Bug 2491466 (CVE-2026-53538)
| Summary: | CVE-2026-53538 python-multipart: Python-Multipart: Information disclosure due to parser differential in form data handling | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | alinfoot, anpicker, anthomas, aprice, bbrownin, bparees, dfreiber, dkeler, drow, dschmidt, dtrifiro, ebourniv, ehelms, ggainey, hasun, ilpinto, jburrell, jdobes, jfula, jlanda, jowilson, jpasqual, jsamir, juwatts, jwong, kaycoth, kshier, lgallett, ltomasbo, mbarnett, mhayden, mhulan, nmoumoul, nyancey, oezr, omaciel, ometelka, orabin, osousa, pcreech, prwatson, ptisnovs, rbryant, rchan, rjohnson, sbunciak, sdoran, simaishi, smallamp, stcannon, suppawar, syedriko, teagle, thason, tmalecek, ttakamiy, vkumar, weaton, xdharmai, yguenane, ykashtan |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
A flaw was found in Python-Multipart, a tool used for processing web form data. A remote attacker could exploit a vulnerability where the software incorrectly interprets certain characters as separators in web form data. This difference in interpretation compared to standard web practices allows an attacker to bypass security checks and inject additional data fields. This could lead to unauthorized information disclosure.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
OSIDB Bzimport
2026-06-22 18:03:03 UTC
|