top of page
perceptive_background_267k.jpg

multipart is a fast multipart/form-data parser for python. Prior to 1.2.2, 1.3.1 and 1.4.0-dev, the parse_options_header() function in multipart.py uses a regul…

Published:

11 March 2026 at 23:00:00

Alert date:

12 March 2026 at 22:25:09

Source:

nvd.nist.gov

Click to open the original link from this advisory

Web Technologies, Supply Chain & Dependencies

The Python multipart library contains a Regular Expression Denial of Service (ReDoS) vulnerability in versions prior to 1.2.2, 1.3.1, and 1.4.0-dev. The parse_options_header() function uses a regex with ambiguous alternation that causes exponential backtracking when parsing malicious HTTP or multipart headers. This vulnerability can be exploited to perform denial of service attacks against web applications that use this library for parsing request headers or multipart/form-data streams. The issue has been patched in the specified versions.

Technical details

Mitigation steps:

Affected products:

Python multipart library

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-28356
https://github.com/defnull/multipart/security/advisories/GHSA-p2m9-wcp5-6qw3

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page