CVE-2026-24486

high

Red Hat

CVSS v3 Base Score

8.6

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

Published: January 27, 2026

Last Modified: January 27, 2026

Vendor: Red Hat

Description

Python-Multipart is a streaming multipart parser for Python. Prior to version 0.0.22, a Path Traversal vulnerability exists when using non-default configuration options `UPLOAD_DIR` and `UPLOAD_KEEP_FILENAME=True`. An attacker can write uploaded files to arbitrary locations on the filesystem by crafting a malicious filename. Users should upgrade to version 0.0.22 to receive a patch or, as a workaround, avoid using `UPLOAD_KEEP_FILENAME=True` in project configurations.

CWE

CWE-22

Affected Products

Lightspeed CoreOpenShift LightspeedRed Hat AI Inference ServerRed Hat Ansible Automation Platform 2Red Hat Enterprise Linux AI (RHEL AI) 3Red Hat OpenShift AI (RHOAI)Red Hat Satellite 6Red Hat AI Inference Server 3.2Red Hat Ansible Automation Platform 2.6Red Hat OpenShift AI 2.25

Fix Status

✅ Fix Available

References

🔗 bugzilla.redhat.com 🔗 www.cve.org 🔗 nvd.nist.gov 🔗 github.com 🔗 github.com

CVE-2026-24486

Vulnerability Report

Description

CWE

Affected Products

Fix Status

References