CVE-2026-33033 in Djangoالمعلومات

الملخص

بحسب MITRE • 07/04/2026

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. `MultiPartParser` allows remote attackers to degrade performance by submitting multipart uploads with `Content-Transfer-Encoding: base64` including excessive whitespace. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Seokchan Yoon for reporting this issue.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

مسؤول

DSF

حجز

17/03/2026

إفشاء

07/04/2026

الاعتدال

تمت الموافقة

إدخال

VDB-355766

CPE

جاهز

CWE

CWE-407 (مؤكد)

CVSS

4.3 (VulDB)

EPSS

0.00049

KEV

لا

النشاطات

منخفض جدًا

القطاع

Hostingprovider, Lawfirm, ...

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-33033
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-33033
CVE Details	https://www.cvedetails.com/cve/CVE-2026-33033/

التالي ▸نظرة عامة ◂ السابق

Want to stay up to date on a daily basis?

Enable the mail alert feature now!