Lucene search
K

Python-Multipart has Arbitrary File Write via Non-Default Configuration

๐Ÿ—“๏ธย 26 Jan 2026ย 23:28:05Reported byย GitHub Advisory DatabaseTypeย 
github
ย github
๐Ÿ”—ย github.com๐Ÿ‘ย 7ย Views

Python-Multipart traversal enables writes when UPLOAD_DIR is set and UPLOAD_KEEP_FILENAME is true.

Related
Detection
Refs
ReporterTitlePublishedViews
Family
IBM Security Bulletins
Security Bulletin: Maximo AI Service uses multiple third party dependencies which is vulnerable to multiple CVEs.
31 Mar 202613:54
โ€“ibm
IBM Security Bulletins
Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate with watsonx Assistant Cartridge
18 May 202607:00
โ€“ibm
IBM Security Bulletins
Security Bulletin: IBM watsonx.data integration has several vulnerabilities due to open source packages (CVE-2026-24486,CVE-2025-50537,CVE-2026-24688)
20 Mar 202616:40
โ€“ibm
IBM Security Bulletins
Security Bulletin: Platform Navigator in IBM Cloud Pak for Integration is vulnerable to vulnerability in python_multipart
10 Apr 202608:27
โ€“ibm
IBM Security Bulletins
Security Bulletin: Multiple vulnerabilities in IBM Security QRadar EDR Software
2 Jun 202608:49
โ€“ibm
IBM Security Bulletins
Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses python_multipart-0.0.21-py3-none-any.whl which is vulnerable to CVE-2026-24486
6 Apr 202610:57
โ€“ibm
IBM Security Bulletins
Security Bulletin: Vulnerability in Python-Multipart bundled with IBM Fusion, IBM Fusion HCI and IBM Fusion Content-Aware Storage
17 Jun 202612:16
โ€“ibm
ATTACKERKB
CVE-2026-24486
27 Jan 202600:34
โ€“attackerkb
AlpineLinux
CVE-2026-24486
27 Jan 202600:34
โ€“alpinelinux
BDU FSTEC
The vulnerability of the UPLOAD_DIR configuration and the UPLOAD_KEEP_FILENAME=True setting in the python-multipart streaming multi-component parser allows a attacker to write arbitrary files.
30 Jan 202600:00
โ€“bdu_fstec
Rows per page
Vulners

Data

Build on a solid foundation withย Vulners data

Weย provide theย essential building blocks forย cybersecurity solutions withย comprehensive, structured, andย constantly updated vulnerability andย exploits data

Api

Power your application withย Vulners API

The Vulners REST API offers reliable, high-performance access toย vulnerabilityย intelligence, withย 99.9%ย SLAย uptime andย CDN-backed data delivery forย seamlessย global access

App

Assess and manage vulnerabilities withย Vulnersย tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

29 Jan 2026 03:24Current
6Medium risk
Vulners AI Score6
CVSS 3.17.5 - 8.6
EPSS0.02228
SSVC
7