PT-2026-33212 · Pypi · Python-Multipart

Published: 2026-04-15 · Updated: 2026-04-21 · CVE-2026-40347

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions

Python-Multipart versions prior to 0.0.26

Description

An issue exists when parsing crafted multipart/form-data requests containing large preamble or epilogue sections. Two inefficient parsing paths can be abused: the parser handles leading CR and LF bytes inefficiently while searching for the first boundary, and it continues processing trailing epilogue data after the closing boundary instead of discarding it. This allows an attacker to send oversized malformed multipart bodies that consume excessive CPU time, reducing request-handling capacity and delaying legitimate requests, which degrades availability.

Recommendations

Upgrade to version 0.0.26 or later.
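
The description names two inputs that drive the cost: a large preamble before the first boundary and a large epilogue after the closing boundary. As an added example (not from the advisory and not python-multipart code), the Python below measures both so that middleware or a gateway can log or reject such bodies before they reach a parser older than 0.0.26; the function names, the 1024-byte threshold and the sample bodies are assumptions constructed for illustration.

```python
# Added example (not python-multipart code): size the preamble and epilogue of a
# multipart/form-data body so oversized ones can be logged or rejected.
MAX_PAD = 1024  # assumed threshold in bytes; tune per deployment


def _line_start_find(body: bytes, token: bytes, start: int = 0) -> int:
    """Index of the first `token` that begins a line at or after `start`, else -1."""
    pos = body.find(token, start)
    while pos > 0 and body[pos - 1:pos] != b"\n":
        pos = body.find(token, pos + 1)
    return pos


def measure_padding(body: bytes, boundary: bytes) -> tuple[int, int]:
    """Return (preamble_len, epilogue_len); -1 marks a missing close delimiter."""
    dash = b"--" + boundary
    first = _line_start_find(body, dash)
    if first < 0:
        return len(body), -1          # no opening boundary: every byte is preamble
    close = _line_start_find(body, dash + b"--", first)
    if close < 0:
        return first, -1              # body is never closed
    end = close + len(dash) + 2       # skip "--boundary--"
    if body[end:end + 2] == b"\r\n":
        end += 2                      # CRLF that ends the close-delimiter line
    return first, len(body) - end


def is_suspicious(body: bytes, boundary: bytes, limit: int = MAX_PAD) -> bool:
    """True when the preamble or the epilogue is larger than `limit` bytes."""
    pre, epi = measure_padding(body, boundary)
    return pre > limit or epi > limit


# Constructed sample bodies using the boundary "b".
NORMAL = b'--b\r\nContent-Disposition: form-data; name="f"\r\n\r\nv\r\n--b--\r\n'
PADDED_FRONT = b"\r\n" * 1000 + NORMAL   # 2000 bytes of leading CR/LF
PADDED_BACK = NORMAL + b"x" * 5000       # 5000 bytes after the closing boundary

if __name__ == "__main__":
    for name, body in [("normal", NORMAL), ("front", PADDED_FRONT), ("back", PADDED_BACK)]:
        print(name, measure_padding(body, b"b"), is_suspicious(body, b"b"))
```

The boundary passed in is the `boundary` parameter from the request's Content-Type header.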

Fix

DoS

Resource Exhaustion

Weakness Enumeration

Related Identifiers

CVE-2026-40347
GHSA-MJ87-HWQH-73PJ
OPENSUSE-SU-2026:10597-1

Affected Products

Python-Multipart