CVE-2026-40347
published 2026-04-18

CVE-2026-40347: Python-Multipart is a streaming multipart parser for Python. Versions prior to 0.0.26 have a denial of service vulnerability when parsing crafted…

Priority: P4 · 28 · medium · 5.3 · CVSS 3.1
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS: 0.35% (26.9th percentile)
Python-Multipart is a streaming multipart parser for Python. Versions prior to 0.0.26 have a denial of service vulnerability when parsing crafted `multipart/form-data` requests with large preamble or epilogue sections. Upgrade to version 0.0.26 or later, which skips ahead to the next boundary candidate when processing leading CR/LF data and immediately discards epilogue data after the closing boundary.

Affected

42 ranges · showing 25

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ansible-automation-platform-25 | lightspeed-chatbot-rhel8 | | |
| ansible-automation-platform-26 | lightspeed-chatbot-rhel9 | | |
| ansible-automation-platform-26 | mcp-tools-rhel9 | | |
| fastapiexpert | python-multipart | < 0.0.26 | 0.0.26 |
| kludex | python-multipart | < 0.0.26 | 0.0.26 |
| kludex | python-multipart | >= 0 < 0.0.26 | 0.0.26 |
| lightspeed-core | lightspeed-stack-rhel9 | | |
| lightspeed-core | rag-tool-rhel9 | | |
| mta | mta-solution-server-rhel9 | | |
| openshift-lightspeed | lightspeed-ocp-rag-rhel9 | | |
| openshift-lightspeed | lightspeed-service-api-rhel9 | | |
| rhaiis | vllm-cpu-rhel9 | | |
| rhaiis | vllm-cuda-rhel9 | | |
| rhaiis | vllm-neuron-rhel9 | | |
| rhaiis | vllm-rocm-rhel9 | | |
| rhaiis | vllm-spyre-rhel9 | | |
| rhaiis | vllm-tpu-rhel9 | | |
| rhelai3 | bootc-aws-cuda-rhel9 | | |
| rhelai3 | bootc-azure-cuda-rhel9 | | |
| rhelai3 | bootc-azure-rocm-rhel9 | | |
| rhelai3 | bootc-cuda-rhel9 | | |
| rhelai3 | bootc-gcp-cuda-rhel9 | | |
| rhelai3 | bootc-rocm-rhel9 | | |
| rhelai3 | disk-image-cuda-rhel9 | | |
| rhoai | odh-caikit-nlp-rhel9 | | |

CVSS provenance

nvd: v3.1 · 5.3 · MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
vendor_redhat: 5.3 · MEDIUM