What is the CVSS score of EUVD-2026-19646?

EUVD-2026-19646 has a CVSS 3.1 base score of 6.5 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.1%.

Is there a public PoC exploit available for EUVD-2026-19646?

Yes, a public proof-of-concept exploit is available for EUVD-2026-19646. Prioritise patching immediately. EPSS: 0.1%.

Is there a patch available for EUVD-2026-19646?

Yes, a patch is available for EUVD-2026-19646. Update the affected software to the latest version immediately.

Python EUVD-2026-19646

| CVE-2026-33033 MEDIUM

Inefficient Algorithmic Complexity (CWE-407)

2026-04-07 DSF

GHSA-5mf9-h53q-7mhq

Python Information Disclosure Red Hat Suse

6.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

PoC Detected

Apr 08, 2026 - 21:27 vuln.today

Public exploit code

Patch released

Apr 07, 2026 - 21:31 nvd

Patch available

EUVD ID Assigned

Apr 07, 2026 - 15:00 euvd

EUVD-2026-19646

Analysis Generated

Apr 07, 2026 - 15:00 vuln.today

CVE Published

Apr 07, 2026 - 14:22 nvd

MEDIUM 6.5

Blast Radius

ecosystem impact

† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth

13 pypi packages depend on django (13 direct, 0 indirect)

Ecosystem-wide dependent count for version 6.0.

DescriptionNVD

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. MultiPartParser allows remote attackers to degrade performance by submitting multipart uploads with Content-Transfer-Encoding: base64 including excessive whitespace. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Seokchan Yoon for reporting this issue.

AnalysisAI

Django's MultiPartParser allows authenticated remote attackers to cause denial of service through performance degradation by submitting multipart uploads with Content-Transfer-Encoding: base64 and excessive whitespace. Affected versions include Django 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30, with unsupported series 5.0.x, 4.1.x, and 3.2.x potentially also vulnerable. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Vendor StatusVendor

EUVD-2026-19646 vulnerability details – vuln.today

Back

Python EUVD-2026-19646

CVSS VectorNVD

Lifecycle Timeline

Blast Radius

DescriptionNVD

AnalysisAI

Full analysis requires sign-in

Vendor StatusVendor

Share

External POC / Exploit Code