CVE-2026-40347 - Medium Severity Vulnerability
Vulnerable Library - python_multipart-0.0.20-py3-none-any.whl
A streaming multipart parser for Python
Library home page: https://files.pythonhosted.org/packages/45/58/38b5afbc1a800eeea951b9285d3912613f2603bdf897a4ab0f4bd7f405fc/python_multipart-0.0.20-py3-none-any.whl
Path to dependency file: /OPENAPI-REST-API/swagger-client/python-flask/requirements.txt
Path to vulnerable library: /tmp/ws-ua_20260402123536_MTXLIM/python_EKDBTK/202604021249581/env/lib/python3.9/site-packages/python_multipart-0.0.20.dist-info
Dependency Hierarchy:
- connexion-3.3.0-py3-none-any.whl (Root Library)
  - ❌ python_multipart-0.0.20-py3-none-any.whl (Vulnerable Library)
Found in HEAD commit: 1f70e2feccb7006c8d32cc7d4fe62f5cf5e5c34d
Found in base branch: master
Vulnerability Details
Python-Multipart is a streaming multipart parser for Python. Versions prior to 0.0.26 have a denial of service vulnerability when parsing crafted "multipart/form-data" requests with large preamble or epilogue sections. Upgrade to version 0.0.26 or later, which skips ahead to the next boundary candidate when processing leading CR/LF data and immediately discards epilogue data after the closing boundary.
Publish Date: 2026-04-17
URL: CVE-2026-40347
CVSS 3 Score Details (5.3)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: Low
Suggested Fix
Type: Upgrade version
Release Date: 2026-04-17
Fix Resolution: python-multipart - 0.0.26