Python Multipart

1 CVEs product

CVE-2026-24486 PyPI HIGH POC PATCH This Week

Arbitrary file write in Python-Multipart versions before 0.0.22 allows remote attackers to store uploaded files to any filesystem location when non-default configuration options UPLOAD_DIR and UPLOAD_KEEP_FILENAME=True are enabled. An attacker can exploit this path traversal vulnerability by crafting malicious filenames in multipart uploads, potentially overwriting critical system or application files. Public exploit code exists for this vulnerability; affected users should upgrade to version 0.0.22 or disable UPLOAD_KEEP_FILENAME=True as an interim mitigation.

Python Path Traversal Python Multipart Red Hat Suse
NVD GitHub Exploit-DB VulDB
CVSS 3.1: 8.6
EPSS: 0.0%