What is CVE-2026-33033?

CVE-2026-33033 is a vulnerability in Djangoproject Django, classified under Inefficient Algorithmic Complexity. Published 2026-04-07.

Is CVE-2026-33033 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Djangoproject Django

CVE-2026-33033

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. `MultiPartParser` allows remote attackers to degrade performance by submitting multipart uploads with `Content-Transfer-Encoding: base64` including exce…

EPSS: 0.000 (15.5th percentile) — read the EPSS interpretation.

Affected products

Djangoproject Django — versions 6.0, 6.0.4, 5.2

Weakness classification (CWE)

CWE-407 — Inefficient Algorithmic Complexity

Public proof-of-concept exploits

ch4n3-yoon/CVE-2026-33033-PoC

References

Django security archive (vendor-advisory)
Django releases announcements (mailing-list)
Django security releases issued: 6.0.4, 5.2.13, and 4.2.30 (vendor-advisory)

Frequently asked questions

What is CVE-2026-33033?: CVE-2026-33033 is a vulnerability in Djangoproject Django, classified under Inefficient Algorithmic Complexity. Published 2026-04-07.
Is CVE-2026-33033 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.