cbcvebase.
CVE-2026-42561
published 2026-05-13

CVE-2026-42561: Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.27, python-multipart has a denial of service vulnerability in multipart part header…

PriorityP342high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
0.55%
41.8th percentile
Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.27, python-multipart has a denial of service vulnerability in multipart part header parsing. When parsing multipart/form-data, MultipartParser previously had no limit on the number of part headers or the size of an individual part header. An attacker could send a request with either many repeated headers without terminating the header block or a single very large header value, causing excessive CPU work before request rejection or completion. This vulnerability is fixed in 0.0.27.

Affected

33 ranges· showing 25
VendorProductVersion rangeFixed in
ansible-automation-platform-25lightspeed-chatbot-rhel8
ansible-automation-platform-26lightspeed-chatbot-rhel9
exploit-intelligence-tech-previewvulnerability-analysis-rhel9
kludexpython-multipart< 0.0.270.0.27
kludexpython-multipart>= 0 < 0.0.270.0.27
mtamta-solution-server-rhel9
openshift-lightspeedlightspeed-ocp-rag-rhel9
openshift-lightspeedlightspeed-service-api-rhel9
rhaiisvllm-cpu-rhel9
rhaiisvllm-neuron-rhel9
rhaiisvllm-spyre-rhel9
rhaiisvllm-tpu-rhel9
rhelai3bootc-aws-cuda-rhel9
rhelai3bootc-azure-cuda-rhel9
rhelai3bootc-azure-rocm-rhel9
rhelai3bootc-cuda-rhel9
rhelai3bootc-gaudi-rhel9
rhelai3bootc-gcp-cuda-rhel9
rhelai3bootc-rocm-rhel9
rhelai3disk-image-cuda-rhel9
rhoaiodh-caikit-nlp-rhel9
rhoaiodh-caikit-tgis-serving-rhel9
rhoaiodh-kserve-agent-rhel9
rhoaiodh-kserve-controller-rhel9
rhoaiodh-kserve-router-rhel9

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
vendor_redhat7.5HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.