Vulnerabilities
CVE-2026-24486 - Python-Multipart has Arbitrary File Write via Non-Default Configuration
CVE ID : CVE-2026-24486
Published : Jan. 27, 2026, 1:16 a.m.
Description : Python-Multipart is a streaming multipart parser for Python. Prior to version 0.0.22, a Path Traversal vulnerability exists when using non-default configuration options `UPLOAD_DIR` and `UPLOAD_KEEP_FILENAME=True`. An attacker can write uploaded files to arbitrary locations on the filesystem by crafting a malicious filename. Users should upgrade to version 0.0.22 to receive a patch or, as a workaround, avoid using `UPLOAD_KEEP_FILENAME=True` in project configurations.
Severity: 8.6 | HIGH
CVE Details
Affected Product:
Python
Impact:
Path Traversal
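The bug class in the description, shown as an added example (not Python-Multipart's own code or its patch): a client-supplied filename joined onto an upload directory, next to a hardened version that keeps only the final name component and verifies containment. The function names and sample filenames are hypothetical and constructed for illustration.

```python
import os
from pathlib import Path


def naive_upload_path(upload_dir: str, client_filename: str) -> Path:
    """Vulnerable pattern: the client-supplied filename is trusted as-is."""
    # os.path.join drops upload_dir when client_filename is absolute, and
    # ".." segments climb out of it once the path is normalised.
    return Path(os.path.normpath(os.path.join(upload_dir, client_filename)))


def safe_upload_path(upload_dir: str, client_filename: str) -> Path:
    """Hardened pattern: keep only the last name component, then check containment."""
    # Treat "\" and "/" both as separators, whatever OS the server runs on.
    name = client_filename.replace("\\", "/").rsplit("/", 1)[-1]
    if name in ("", ".", "..") or "\x00" in name:
        raise ValueError(f"rejected upload filename: {client_filename!r}")
    root = Path(upload_dir).resolve()
    target = (root / name).resolve()
    # Defence in depth: the resolved target must still be inside the upload
    # root (this also catches a symlink planted in that directory).
    if not target.is_relative_to(root):
        raise ValueError(f"upload path escapes {root}: {client_filename!r}")
    return target


def escapes(upload_dir: str, path: Path) -> bool:
    """True when path resolves to a location outside upload_dir."""
    return not path.resolve().is_relative_to(Path(upload_dir).resolve())


if __name__ == "__main__":
    import tempfile
    # Constructed sample filenames, as a multipart client could send them.
    samples = ["report.pdf", "../../outside.txt", "/abs/outside.txt", "a/../.."]
    with tempfile.TemporaryDirectory() as upload_dir:
        for fn in samples:
            naive = naive_upload_path(upload_dir, fn)
            print(f"{fn!r}: naive escapes={escapes(upload_dir, naive)}")
            try:
                print("   safe ->", safe_upload_path(upload_dir, fn).name)
            except ValueError as exc:
                print("   safe ->", exc)
```

The same `escapes` check can be run over filenames already stored by an application that had `UPLOAD_KEEP_FILENAME=True` set, to see whether any landed outside `UPLOAD_DIR`.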