SUSE-SU-2026:1544-1 Security update for python-python-multipart

This update for python-python-multipart fixes the following issue: - CVE-2026-40347: crafted multipart/form-data can cause a denial of service bsc1262403...

CVE-2026-40347

Python-Multipart is a streaming multipart parser for Python. Versions prior to 0.0.26 have a denial of service vulnerability when parsing crafted multipart/form-data requests with large preamble or epilogue sections. Upgrade to version 0.0.26 or later, which skips ahead to the next boundary...

Linux Distros Unpatched Vulnerability : CVE-2026-40347

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Python-Multipart is a streaming multipart parser for Python. Versions prior to 0.0.26 have a denial of service vulnerability when parsing crafted...

CVE-2026-40347 vulnerabilities

Vulnerabilities for packages: keep-fips, synapse, tritonserver-backend-vllm-cuda-13.0, vllm-openai-cuda-12.9, wazuh-manager-fips, litellm, airflow, semgrep, wazuh-manager, keep, kserve, tritonserver-backend-vllm-cuda-12.9, airflow-core...

10xscale-agentflow-cli (=0.1.5), admin-api-lib (>=3.2.0 <=3.4.0) +469 more potentially affected by CVE-2026-40347 via python-multipart (>=0.0.10 <=0.0.24)

python-multipart PYPI version =0.0.10, =3.2.0, =0.8.2.4, =0.1.0, =1.0.202504142220, =0.1.0, =0.4.0, =0.4.0, =0.1.0, =0.4.0, =1.6.21, =0.1.1, =0.1.0, =0.1.13 and more Source cves: CVE-2026-40347 Source advisory: SNYK:PYTHON-PYTHONMULTIPART-16078395...