CVE-2026-33033

Publication date 7 April 2026

Last updated 8 April 2026

Ubuntu priority

Why this priority?

Description

Potential denial-of-service vulnerability in MultiPartParser via base64-encoded file upload

Status

Show unmaintained releases

Package	Ubuntu Release	Status
python-django	25.10 questing	Fixed 3:5.2.4-1ubuntu2.4
	24.04 LTS noble	Fixed 3:4.2.11-1ubuntu1.15
	22.04 LTS jammy	Fixed 2:3.2.12-2ubuntu1.26
	20.04 LTS focal	Fixed 2:2.2.12-1ubuntu0.29+esm8
	18.04 LTS bionic	Fixed 1:1.11.11-1ubuntu1.21+esm15
	16.04 LTS xenial	Needs evaluation
	14.04 LTS trusty	Needs evaluation

How can I get the fixes?
What do statuses mean?

Get expanded security coverage with Ubuntu Pro

Reduce your average CVE exposure time from 98 days to 1 day with expanded CVE patching, ten-years security maintenance and optional support for the full stack of open-source applications. Free for personal use.

Get Ubuntu Pro 30-day free trial

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-8154-1
Django vulnerabilities
7 April 2026

Other references

https://www.cve.org/CVERecord?id=CVE-2026-33033
https://www.djangoproject.com/weblog/2026/apr/07/security-releases/