CVE-2026-28356
📋 TL;DR
This CVE describes a Regular Expression Denial of Service (ReDoS) vulnerability in the multipart Python library. Attackers can craft malicious HTTP or multipart headers that cause exponential backtracking, leading to CPU exhaustion and denial of service. Any web application using vulnerable versions of the multipart library to parse request headers or multipart/form-data streams is affected.
💻 Affected Systems
- multipart Python library
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete service unavailability due to CPU exhaustion, potentially affecting all users of the vulnerable application.
Likely Case
Degraded performance or temporary service disruption for affected endpoints parsing malicious headers.
If Mitigated
Minimal impact with proper rate limiting, request size limits, and updated library versions.
🎯 Exploit Status
Exploitation requires sending specially crafted HTTP/multipart headers to vulnerable endpoints.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.2.2, 1.3.1, or 1.4.0-dev
Vendor Advisory: https://github.com/defnull/multipart/security/advisories/GHSA-p2m9-wcp5-6qw3
Restart Required: Yes
Instructions:
1. Identify the multipart library version in your Python environment.
2. Update to 1.2.2, 1.3.1, or 1.4.0-dev using pip, e.g. 'pip install multipart==1.2.2'.
3. Restart your application services.
🔧 Temporary Workarounds
Implement request size limits
Limit the size of HTTP headers and multipart data to reduce the impact of potential attacks.
# Configure in your web server or application framework
Add rate limiting
Implement rate limiting on endpoints that parse multipart/form-data.
# Use middleware like django-ratelimit or flask-limiter
🧯 If You Can't Patch
- Implement WAF rules to block suspicious header patterns
- Monitor CPU usage and set alerts for abnormal spikes
🔍 How to Verify
Check if Vulnerable:
Check multipart version with: 'pip show multipart' or 'python -c "import multipart; print(multipart.__version__)"'
Check Version:
pip show multipart | grep Version
Verify Fix Applied:
Verify version is 1.2.2, 1.3.1, or 1.4.0-dev using the same commands
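The version check above can be automated, but a plain "newer than 1.2.2" comparison is wrong here because the fix shipped on several branches: 1.3.0 is numerically newer than 1.2.2 yet does not carry the fix. The script below is an added example (not part of this advisory or of the multipart project); it assumes that later patch releases on a fixed branch keep the fix, that branches older than 1.2 are unpatched, and that branches newer than 1.4 are patched.

```python
"""Decide whether an installed `multipart` version carries the ReDoS fix, using
the fixed releases named in the advisory: 1.2.2, 1.3.1 and 1.4.0-dev."""
import re
from importlib import metadata

# Earliest fixed release per minor branch, taken from the advisory.
FIXED_BY_BRANCH = {(1, 2): (1, 2, 2), (1, 3): (1, 3, 1), (1, 4): (1, 4, 0)}


def parse_version(text):
    """Parse '1.3.1', '1.4.0-dev' or '1.4.0.dev0' into (major, minor, patch).
    Pre-release suffixes are ignored (assumption: the advisory lists 1.4.0-dev
    itself as fixed, so a dev tag on a fixed version counts as fixed)."""
    m = re.match(r"^(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def is_patched(text):
    """True if `text` is at or past the fixed release on its own branch.
    Assumptions: branches older than 1.2 are treated as unpatched (the advisory
    names no fix for them); branches newer than 1.4 are treated as patched."""
    major, minor, patch = parse_version(text)
    branch = (major, minor)
    if branch in FIXED_BY_BRANCH:
        return (major, minor, patch) >= FIXED_BY_BRANCH[branch]
    return branch > max(FIXED_BY_BRANCH)


def check_installed(dist_name="multipart"):
    """Look up the installed distribution and return (version, patched).
    Returns (None, None) when the library is not installed at all."""
    try:
        version = metadata.version(dist_name)
    except metadata.PackageNotFoundError:
        return None, None
    return version, is_patched(version)


if __name__ == "__main__":
    version, patched = check_installed()
    if version is None:
        print("multipart is not installed")
    else:
        print(f"multipart {version}: {'patched' if patched else 'VULNERABLE'}")
```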
📡 Detection & Monitoring
Log Indicators:
- Unusually long processing times for multipart requests
- High CPU usage spikes
Network Indicators:
- Requests with unusually long or complex headers
- Repeated requests to multipart endpoints
SIEM Query:
source=application_logs AND (message="*multipart*" OR message="*header*parse*") AND duration>5s