Python Multipart

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2026-24486 HIGH POC PATCH This Week

Arbitrary file write in Python-Multipart versions before 0.0.22 allows remote attackers to store uploaded files to any filesystem location when non-default configuration options UPLOAD_DIR and UPLOAD_KEEP_FILENAME=True are enabled. An attacker can exploit this path traversal vulnerability by crafting malicious filenames in multipart uploads, potentially overwriting critical system or application files. Public exploit code exists for this vulnerability; affected users should upgrade to version 0.0.22 or disable UPLOAD_KEEP_FILENAME=True as an interim mitigation.

Python Path Traversal Python Multipart Redhat Suse
NVD GitHub
CVSS 3.1
8.6
EPSS
0.0%
CVE-2026-24486
EPSS 0% CVSS 8.6
HIGH POC PATCH This Week

Arbitrary file write in Python-Multipart versions before 0.0.22 allows remote attackers to store uploaded files to any filesystem location when non-default configuration options UPLOAD_DIR and UPLOAD_KEEP_FILENAME=True are enabled. An attacker can exploit this path traversal vulnerability by crafting malicious filenames in multipart uploads, potentially overwriting critical system or application files. Public exploit code exists for this vulnerability; affected users should upgrade to version 0.0.22 or disable UPLOAD_KEEP_FILENAME=True as an interim mitigation.

Python Path Traversal Python Multipart +2
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy