What is the CVSS score of CVE-2026-33033?

CVE-2026-33033 has a CVSS 3.1 base score of 6.5 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.1%.

Is there a public PoC exploit available for CVE-2026-33033?

Yes, a public proof-of-concept exploit is available for CVE-2026-33033. Prioritise patching immediately. EPSS: 0.1%.

Is there a patch available for CVE-2026-33033?

Yes, a patch is available for CVE-2026-33033. Update the affected software to the latest version immediately.

Python CVE-2026-33033

EUVD-2026-19646 MEDIUM

Inefficient Algorithmic Complexity (CWE-407)

2026-04-07 DSF

GHSA-5mf9-h53q-7mhq

Python Information Disclosure Red Hat Suse

6.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

PoC Detected

Apr 08, 2026 - 21:27 vuln.today

Public exploit code

Patch released

Apr 07, 2026 - 21:31 nvd

Patch available

EUVD ID Assigned

Apr 07, 2026 - 15:00 euvd

EUVD-2026-19646

Analysis Generated

Apr 07, 2026 - 15:00 vuln.today

CVE Published

Apr 07, 2026 - 14:22 nvd

MEDIUM 6.5

Blast Radius

ecosystem impact

† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth

13 pypi packages depend on django (13 direct, 0 indirect)

Ecosystem-wide dependent count for version 6.0.

DescriptionNVD

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. MultiPartParser allows remote attackers to degrade performance by submitting multipart uploads with Content-Transfer-Encoding: base64 including excessive whitespace. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Seokchan Yoon for reporting this issue.

AnalysisAI

Django's MultiPartParser allows authenticated remote attackers to cause denial of service through performance degradation by submitting multipart uploads with Content-Transfer-Encoding: base64 and excessive whitespace. Affected versions include Django 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30, with unsupported series 5.0.x, 4.1.x, and 3.2.x potentially also vulnerable. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory