CVE-2026-40347: python-multipart affected by Denial of Service via large multipart preamble or epilogue data

April 15, 2026

A denial of service vulnerability exists when parsing crafted multipart/form-data requests with large preamble or epilogue sections.

References

github.com/Kludex/python-multipart
github.com/Kludex/python-multipart/releases/tag/0.0.26
github.com/Kludex/python-multipart/security/advisories/GHSA-mj87-hwqh-73pj
github.com/advisories/GHSA-mj87-hwqh-73pj
nvd.nist.gov/vuln/detail/CVE-2026-40347

Code Behaviors & Features

Detect and mitigate CVE-2026-40347 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →