CVE-2026-53540
Published 2026-06-22
Priority: P4 (15) · Severity: low · CVSS 3.1 base score: 3.7
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS: 0.22% (12.1th percentile)
Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.31, parse_form() did not validate the Content-Length header before using it to bound its chunked read of the request body. A negative Content-Length turned the bounded read into a read-until-EOF, so the entire body was loaded into memory in a single read instead of in fixed-size chunks. This vulnerability is fixed in 0.0.31.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fastapiexpert | python-multipart | < 0.0.31 | 0.0.31 |
| kludex | python-multipart | < 0.0.31 | 0.0.31 |
| kludex | python-multipart | >= 0 < 0.0.31 | 0.0.31 |
VulDB
Kludex python-multipart up to 0.0.30 on Python parse_form improper validation of specified quantity in input (GHSA-v9pg-7xvm-68hf)
vuldb · 2026-06-22 · CVE-2026-53540 · LOW · CVSS 3.7
A vulnerability identified as problematic has been detected in Kludex python-multipart up to 0.0.30 on Python. Affected is the function parse_form. This manipulation causes improper validation of specified quantity in input.
This vulnerability is registered as CVE-2026-53540. Remote exploitation of the attack is possible. No exploit is available.
You should upgrade the affected component.
GHSA
python-multipart: Negative Content-Length in parse_form buffers the entire body in memory
ghsa · 2026-06-15 · CVE-2026-53540 · LOW · CWE-1284
### Summary
`parse_form()` did not validate the `Content-Length` header before using it to bound its chunked read of the request body. A negative `Content-Length` turned the bounded read into a read-until-EOF, so the entire body was loaded into memory in a single read instead of in fixed-size chunks.
### Details
`parse_form()` reads the input stream in chunks, never reading more than the remaining `Content-Length` at a time. The per-chunk size is computed as `min(content_length - bytes_read, chunk_size)`. The header value was parsed to an integer without checking its sign, so a `Content-Length` of `-1` made this expression negative, and `input_stream.read(-1)` reads until end of stream. The intend
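As an added example (not code from the python-multipart project), the following models the chunked read loop the advisory describes, with the unchecked `int()` parse of the header beside a hardened version that enforces the RFC 9110 `Content-Length = 1*DIGIT` grammar and falls back to fixed-size reads when the header is absent. The function names, `CHUNK_SIZE`, the termination condition of the modelled loop and the constructed request body are assumptions of this example; the hardened loop is one reasonable fix, not necessarily what 0.0.31 ships.

```python
"""Added example, not python-multipart's own code: a model of the chunked
read loop the advisory describes, with the unchecked Content-Length handling
beside a hardened version. Function names and CHUNK_SIZE are assumptions."""
import io
import re

CHUNK_SIZE = 1024 * 1024  # fixed per-chunk read size; 1 MiB is an assumption


def body_stream(n_bytes):
    """Constructed request body of n_bytes filler, served from memory."""
    return io.BytesIO(b"x" * n_bytes)


def chunk_sizes_unchecked(stream, content_length_header):
    """Pre-fix behaviour: the header is int()-parsed with no sign check.
    Returns the size of every read issued against the stream."""
    content_length = int(content_length_header)  # "-1" is accepted as-is
    bytes_read = 0
    reads = []
    while True:
        # Bound each read by what is left of Content-Length. With a negative
        # header this is negative, and stream.read(-1) means "read until EOF",
        # so the whole body comes back from a single read.
        max_readable = min(content_length - bytes_read, CHUNK_SIZE)
        buff = stream.read(max_readable)
        reads.append(len(buff))
        bytes_read += len(buff)
        # Stop on a short read or once the declared length has been consumed
        # (termination condition assumed for this model).
        if len(buff) != max_readable or bytes_read == content_length:
            break
    return reads


# RFC 9110 section 8.6: Content-Length = 1*DIGIT (ASCII digits only)
_CONTENT_LENGTH_RE = re.compile(r"[0-9]+")


def is_valid_content_length(header_value):
    """True only for a plain non-negative decimal integer. str.isdigit() is
    deliberately avoided: it accepts Unicode digits such as '²' that int() rejects."""
    return header_value is not None and _CONTENT_LENGTH_RE.fullmatch(header_value) is not None


def chunk_sizes_checked(stream, content_length_header):
    """Hardened loop: reject malformed or negative lengths up front, and when
    the header is absent fall back to fixed-size reads until EOF."""
    if content_length_header is None:
        content_length = None
    elif is_valid_content_length(content_length_header):
        content_length = int(content_length_header)
    else:
        raise ValueError(f"invalid Content-Length: {content_length_header!r}")

    bytes_read = 0
    reads = []
    while True:
        if content_length is None:
            max_readable = CHUNK_SIZE
        else:
            max_readable = min(content_length - bytes_read, CHUNK_SIZE)
            if max_readable <= 0:
                break
        buff = stream.read(max_readable)  # never larger than CHUNK_SIZE
        if not buff:
            break
        reads.append(len(buff))
        bytes_read += len(buff)
        if len(buff) != max_readable:  # short read: body exhausted
            break
    return reads


if __name__ == "__main__":
    n = 2 * CHUNK_SIZE + 10  # constructed 2 MiB + 10 B request body
    print("unchecked, Content-Length: -1 ->", chunk_sizes_unchecked(body_stream(n), "-1"))
    print("unchecked, honest length      ->", chunk_sizes_unchecked(body_stream(n), str(n)))
    print("checked, no header            ->", chunk_sizes_checked(body_stream(n), None))
    try:
        chunk_sizes_checked(body_stream(n), "-1")
    except ValueError as exc:
        print("checked, Content-Length: -1   -> rejected:", exc)
```

Run as a script, the unchecked path issues exactly one read whose size equals the whole body, while the checked path never reads more than `CHUNK_SIZE` at a time and refuses `-1` before touching the stream. The ASCII-only regex matters: `"²".isdigit()` is `True`, so an `isdigit()` check would pass a value that `int()` then raises on.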
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.