CVE-2026-42561: Python-Multipart DoS Vulnerability Patched
The National Vulnerability Database has disclosed CVE-2026-42561, a high-severity denial of service (DoS) vulnerability in Python-Multipart, a Python streaming multipart parser. Prior to version 0.0.27, the MultipartParser component lacked limits on the number or size of part headers when parsing multipart/form-data.
This oversight allowed an attacker to craft requests containing either numerous repeated headers or a single, excessively large header value. Such requests could force the server to perform intensive CPU work, potentially leading to a DoS condition before the request could even be rejected or fully processed. The National Vulnerability Database assigns this a CVSS score of 7.5 (HIGH), citing its network-exploitable nature without requiring user interaction or privileges.
The vulnerability is addressed in Python-Multipart version 0.0.27. Organizations using older versions are exposed to straightforward DoS attacks that can significantly impact service availability. This isn’t theoretical; unpatched applications are ripe for exploitation by anyone looking to disrupt services with minimal effort.
What This Means For You
- If your Python applications utilize `python-multipart`, you need to immediately verify your installed version. Upgrade to `0.0.27` or later to mitigate CVE-2026-42561. Failing to patch leaves your services vulnerable to simple denial of service attacks that can bring down critical operations.
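An added example (not from the advisory or the python-multipart project) of the version check described above: it reports the installed `python-multipart` version and flags exact `==` pins below `0.0.27` in requirements-style text. The function names and the sample requirements content are constructed for illustration.

```python
import re
from importlib import metadata

PKG = "python-multipart"
FIXED = (0, 0, 27)  # first patched release named in the advisory

def normalize(name):  # PEP 503: python_multipart / Python.Multipart -> python-multipart
    return re.sub(r"[-_.]+", "-", name).lower()

def parse_version(text):
    """Leading numeric release as a tuple; pre/post-release suffixes are ignored."""
    m = re.match(r"\s*v?(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * (3 - len(parts))

def is_vulnerable(version):
    return parse_version(version) < FIXED

def installed_status():
    """Return (version, vulnerable) for this environment, or (None, False) if absent."""
    try:
        v = metadata.version(PKG)
    except metadata.PackageNotFoundError:
        return None, False
    return v, is_vulnerable(v)

PIN = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*==\s*([^\s;#]+)")

def audit_requirements(text):
    """Return [(line_no, version)] for exact pins of python-multipart below the fix."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        m = PIN.match(line)
        if m and normalize(m.group(1)) == PKG and is_vulnerable(m.group(2)):
            findings.append((n, m.group(2)))
    return findings

# Constructed sample requirements content, not taken from any real project.
SAMPLE = """\
python_multipart==0.0.9   # spelled with an underscore, still the same package
Python-Multipart[extra]==0.0.27 ; python_version >= "3.8"
python-multipart-extras==0.0.1
"""

if __name__ == "__main__":
    print("installed:", installed_status())
    print("vulnerable pins (line, version):", audit_requirements(SAMPLE))
```

Range specifiers such as `>=0.0.20` are not evaluated here; resolve them to a lock file first and audit the exact pins.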
🛡️ Detection Rules
2 detection rules auto-generated for this incident, mapped to MITRE ATT&CK.
DoS Traffic Pattern Detection
```yaml
title: DoS Traffic Pattern Detection
id: scw-2026-05-13-1
status: experimental
level: high
description: |
  Detects volumetric traffic patterns consistent with denial of service attacks targeting your infrastructure.
author: SCW Feed Engine (auto-generated)
date: 2026-05-13
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-42561/
tags:
  - attack.impact
  - attack.t1499
logsource:
  category: firewall
detection:
  selection:
    dst_port:
      - 80
      - 443
  condition: selection | count(src_ip) by dst_ip > 1000
falsepositives:
  - Legitimate activity from CVE-2026-42561
```
Source: Shimi's Cyber World · License & reuse
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-42561 | DoS | python-multipart < 0.0.27 |
| CVE-2026-42561 | DoS | MultipartParser header parsing without limits |
| CVE-2026-42561 | DoS | Excessive CPU work due to many repeated headers or single very large header value in multipart/form-data |
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | May 14, 2026 at 00:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.