
51 matches found

OSV
added 4 days ago | 1 views

ROOT-APP-PYPI-CVE-2026-28356 CVE-2026-28356 in rootio-multipart - Patched by Root

Root has patched CVE-2026-28356 in the rootio-multipart package for Root:PyPI. Multiple fixed versions available...

7.5 CVSS | 5.9 AI score | 0.00859 EPSS
Exploits: 0

IBM Security Bulletins
added 2026/05/21 2:50 p.m. | 5 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to exponential backtracking in multipart [CVE-2026-28356]

Summary: IBM Watson Speech Services Cartridge is vulnerable to exponential backtracking in multipart due to the parse_options_header function in multipart.py, that uses a regular expression with an ambiguous alternation, which can cause exponential backtracking ReDoS when parsing maliciously crafted...

7.5 CVSS | 7.2 AI score | 0.00859 EPSS
Exploits: 0 | Affected Software: 1

Tenable Nessus
added 2026/03/25 12:0 a.m. | 3 views

Fedora 43 : python-multipart (2026-5c75eb75d1)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-5c75eb75d1 advisory. Update to version 1.3.1 to fix CVE-2026-28356. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...

7.5 CVSS | 5.9 AI score | 0.00859 EPSS
Exploits: 0 | References: 2

OpenVAS
added 2026/03/25 12:0 a.m. | 2 views

Fedora: Security Advisory (FEDORA-2026-5c75eb75d1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS | 5.8 AI score | 0.00859 EPSS
Exploits: 0 | References: 3

Chainguard
added 2026/03/20 7:25 p.m. | 3 views

CVE-2026-28356 vulnerabilities

Vulnerabilities for packages: localstack...

7.5 CVSS | 5.8 AI score | 0.00859 EPSS
Exploits: 0

RedhatCVE
added 2026/03/13 2:18 p.m. | 2 views

CVE-2026-28356

A flaw was found in multipart. The parse_options_header function in multipart.py uses a regular expression with an ambiguous alternation, causing an exponential backtracking ReDoS when parsing a specially crafted HTTP or multipart segment headers. A web application parsing request headers or...

7.5 CVSS | 5.7 AI score | 0.00859 EPSS
Exploits: 0 | References: 4

vulnersOsv
added 2026/03/12 6:32 p.m. | 0 views

warc2zim (=2.3.0) potentially affected by CVE-2026-28356 via multipart (=1.3.0)

multipart PYPI version =1.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on multipart and may be impacted: - warc2zim =2.3.0 Source cves: CVE-2026-28356 Source advisory: SNYK:PYTHON-MULTIPART-15627582...

7.5 CVSS | 7.2 AI score | 0.00859 EPSS
Exploits: 0

vulnersOsv
added 2026/03/12 6:32 p.m. | 0 views

warc2zim (>=2.2.1 <=2.2.2) potentially affected by CVE-2026-28356 via multipart (=1.2.1)

multipart PYPI version =1.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on multipart and may be impacted: - warc2zim =2.2.1, =2.2.2 Source cves: CVE-2026-28356 Source advisory: SNYK:PYTHON-MULTIPART-15627582...

7.5 CVSS | 7.2 AI score | 0.00859 EPSS
Exploits: 0

vulnersOsv
added 2026/03/12 6:32 p.m. | 2 views

warc2zim (=2.3.0) potentially affected by CVE-2026-28356 via multipart (=1.3.0)

multipart PYPI version =1.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on multipart and may be impacted: - warc2zim =2.3.0 Source cves: CVE-2026-28356 Source advisory: OSV:GHSA-P2M9-WCP5-6QW3...

7.5 CVSS | 7.2 AI score | 0.00859 EPSS
Exploits: 0

Circl
added 2026/03/12 5:31 p.m. | 2 views

CVE-2026-28356

creationtimestamp | type | source
---|---|---
2026-03-12 17:31:12+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mguwj7ocuh2c
2026-03-12 20:09:48+00:00 | seen | https://bsky.app/profile/linux.activitypub.awakari.com.ap.brid.gy/post/3mgv7eod5rta2
2026-03-13 07:40:05+00:00 | seen | ...

7.5 CVSS | 5.7 AI score | 0.00859 EPSS
Exploits: 0 | References: 3

Tenable Nessus
added 2026/03/12 12:0 a.m. | 0 views

Linux Distros Unpatched Vulnerability : CVE-2026-28356

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - multipart is a fast multipart/form-data parser for python. Prior to 1.2.2, 1.3.1 and 1.4.0-dev, the parse_options_header function in multipart.py uses a regular...

7.5 CVSS | 7.3 AI score | 0.00859 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2025/03/05 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2022-28356

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c. CVE-2022-28356 Note that Nessus relies on the presence of the package as...

5.5 CVSS | 6.6 AI score | 0.00029 EPSS
Exploits: 1 | References: 2

Circl
added 2023/05/12 2:26 a.m. | 2 views

CVE-2023-28356

creationtimestamp | type | source
---|---|---
2023-05-12 02:26:27+00:00 | seen | https://t.me/cibsecurity/63936...

7.5 CVSS | 7.3 AI score | 0.01051 EPSS
Exploits: 0 | References: 1

CVE
added 2023/05/11 12:0 a.m. | 47 views

CVE-2023-28356

CVE-2023-28356 — Rocket.Chat is affected. A maliciously crafted message containing a specific chain of characters can cause a chat process to enter a hot loop, consuming approximately 120% CPU and rendering the service unresponsive. Public details indicate Rocket.Chat as the vulnerable software, ...

7.5 CVSS | 7.4 AI score | 0.01051 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Tenable Nessus
added 2023/03/20 12:0 a.m. | 39 views

CBL Mariner 2.0 Security Update: kernel (CVE-2022-28356)

The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-28356 advisory. - In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c. CVE-2022-28356 Note tha...

5.5 CVSS | 6.5 AI score | 0.00029 EPSS
Exploits: 1 | References: 2

OpenVAS
added 2022/09/19 12:0 a.m. | 23 views

SUSE: Security Advisory (SUSE-SU-2022:3293-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8 CVSS | 7.9 AI score | 0.54873 EPSS
Exploits: 23 | References: 2

OpenVAS
added 2022/09/17 12:0 a.m. | 18 views

openSUSE: Security Advisory for the (SUSE-SU-2022:3293-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.8 CVSS | 8.3 AI score | 0.54873 EPSS
Exploits: 23 | References: 2

OpenVAS
added 2022/08/26 12:0 a.m. | 27 views

Ubuntu: Security Advisory (USN-5500-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8 CVSS | 7.4 AI score | 0.00748 EPSS
Exploits: 5 | References: 2

OpenVAS
added 2022/07/14 12:0 a.m. | 27 views

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2022-2090)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.6 CVSS | 7 AI score | 0.00442 EPSS
Exploits: 7 | References: 2

OpenVAS
added 2022/06/09 12:0 a.m. | 23 views

Ubuntu: Security Advisory (USN-5466-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8 CVSS | 7.4 AI score | 0.00178 EPSS
Exploits: 9 | References: 2