CVE-2026-24486 Python-Multipart has Arbitrary File Write via Non-Default Configuration

Python-Multipart is a streaming multipart parser for Python. Prior to version 0.0.22, a Path Traversal vulnerability exists when using non-default configuration options UPLOADDIR and UPLOADKEEPFILENAME=True. An attacker can write uploaded files to arbitrary locations on the filesystem by crafting...

CVE-2026-24486

Python-Multipart is a streaming multipart parser for Python. Prior to version 0.0.22, a Path Traversal vulnerability exists when using non-default configuration options UPLOADDIR and UPLOADKEEPFILENAME=True. An attacker can write uploaded files to arbitrary locations on the filesystem by crafting...

CVE-2026-24486 Python-Multipart has Arbitrary File Write via Non-Default Configuration

Python-Multipart is a streaming multipart parser for Python. Prior to version 0.0.22, a Path Traversal vulnerability exists when using non-default configuration options UPLOADDIR and UPLOADKEEPFILENAME=True. An attacker can write uploaded files to arbitrary locations on the filesystem by crafting...

CVE-2026-24486 Python-Multipart has Arbitrary File Write via Non-Default Configuration

Python-Multipart is a streaming multipart parser for Python. Prior to version 0.0.22, a Path Traversal vulnerability exists when using non-default configuration options UPLOADDIR and UPLOADKEEPFILENAME=True. An attacker can write uploaded files to arbitrary locations on the filesystem by crafting...

CVE-2026-24486

CVE-2026-24486 affects the Python-Multipart project. Prior to 0.0.22, non-default configuration options UPLOAD_DIR and UPLOAD_KEEP_FILENAME=True allow path traversal enabling writing uploaded files to arbitrary filesystem locations. Mitigation is upgrading to 0.0.22 or avoiding UPLOAD_KEEP_FILENA...

python3.12 security update

3.12.12-4.0.1 - Remove upstream URL reference 3.12.12-4 - Release bump to correct the build for wrong release Related: RHEL-141026 3.12.12-3 - Security fix for CVE-2025-13836 Resolves: RHEL-141026 3.12.12-2 - Security fix for CVE-2025-12084 Resolves: RHEL-135399...

python3.11 security update

3.11.13-4.0.1 - Update rpm-macros description Orabug: 36024572 3.11.13-4 - Security fix for CVE-2025-13836 Resolves: RHEL-140992 3.11.13-3 - Security fix for CVE-2025-12084 Resolves: RHEL-135390...

python3.11 security update

3.11.13-5.0.1 - Remove upstream URL reference Orabug: 36073032 3.11.13-5 - Security fix for CVE-2025-13836 Resolves: RHEL-141025 3.11.13-4 - Security fix for CVE-2025-12084 Resolves: RHEL-135395...

OPENSUSE-SU-2026:10103-1 python311-orjson-3.11.5-1.1 on GA media

These are all security issues fixed in the python311-orjson-3.11.5-1.1 package on the GA media of openSUSE Tumbleweed...

ALSA-2026:1374 Moderate: python3.11 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

RHEL 8 : python3.11 (RHSA-2026:1374)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:1374 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

RHEL 9 : python3.11 (RHSA-2026:1410)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:1410 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

Linux Distros Unpatched Vulnerability : CVE-2026-24486

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Python-Multipart is a streaming multipart parser for Python. Prior to version 0.0.22, a Path Traversal vulnerability exists when using non-default configuration...

python-multipart path traversal vulnerability

Python-Multipart is a Python-based streaming multipart parser developed by Marcelo Trylesinski. Versions of Python-Multipart prior to 0.0.22 contained a path traversal vulnerability. This vulnerability occurred when non-default configuration options such as UPLOADDIR and UPLOADKEEPFILENAME=True...

AlmaLinux 9 : python3.11-urllib3 (ALSA-2026:1089)

The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2026:1089 advisory. urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion CVE-2025-66418 urllib3: urllib3 Streaming API improperly handles highly...

AlmaLinux 9 : python-urllib3 (ALSA-2026:1087)

The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2026:1087 advisory. urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion CVE-2025-66418 urllib3: urllib3 Streaming API improperly handles highly...

ALSA-2026:1408 Moderate: python3.12 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

ALSA-2026:1410 Moderate: python3.11 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

Moderate: python3.12 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

Moderate: python3.11 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...