CVE-2023-46136

HIGH

Werkzeug < 2.3.8 and 3.0.0 - Denial of Service via Crafted Multipart Data


Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-46136. PoCs published by JawadPy.

AI-analyzed exploit summary: This repository contains a functional exploit for CVE-2025-66221, targeting Werkzeug versions prior to 3.1.4. The exploit leverages a DoS vulnerability by sending concurrent requests to a Windows device name (e.g., CON), causing the server to hang.

Description

Werkzeug is a comprehensive WSGI web application library. In versions on the 3.x branch prior to 3.0.1 and on the 2.x branch prior to 2.3.8, if an uploaded file starts with CR or LF and is then followed by megabytes of data without these characters, all of these bytes are appended chunk by chunk to an internal bytearray, and the lookup for the multipart boundary is performed on the growing buffer. This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. This vulnerability has been patched in versions 3.0.1 and 2.3.8.

Exploits (1)

nomisec · WORKING POC
by JawadPy · poc
https://github.com/JawadPy/WerkGhost


Classification: Working PoC 95%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: Werkzeug < 3.1.4
Auth: No auth needed
Prerequisites: Target server running on Windows · Network access to the target URL
Analyzed by devstral-2 on Feb 19, 2026

Scores

CVSS v3: 8.0
EPSS: 0.0088
EPSS Percentile: 75.8%
Attack Vector: ADJACENT_NETWORK
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-400, CWE-407, CWE-787
Status: published
Products (7)
pallets/werkzeug >= 2.0.0rc1, < 2.3.8
pallets/werkzeug >= 3.0.0, < 3.0.1
palletsprojects/werkzeug 3.0.0
palletsprojects/werkzeug < 2.3.8
pypi/Werkzeug 2.0.0rc1 - 2.3.8 (PyPI)
pypi/werkzeug 3.0.0 - 3.0.1 (PyPI)
pypi/Werkzeug 3.0.0 - 3.0.1 (PyPI)
Published: Oct 25, 2023
Tracked Since: Feb 18, 2026