Node.js CVE-2026-3304
Incomplete Cleanup (CWE-459)
GHSA-xf7r-hgr6-v32p
Lifecycle Timeline
3
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
Analysis Generated
Mar 12, 2026 - 21:55 vuln.today
CVE Published
Feb 27, 2026 - 16:16 nvd
N/A
Blast Radius
ecosystem impact
— you monitor
† from your stack dependencies
† transitive graph · vuln.today resolves 4-path depth
- 8 npm packages depend on multer (5 direct, 3 indirect)
Ecosystem-wide dependent count for version 2.1.0.
DescriptionNVD
Multer is a node.js middleware for handling multipart/form-data. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial of Service (DoS) by sending malformed requests, potentially causing resource exhaustion. Users should upgrade to version 2.1.0 to receive a patch. No known workarounds are available.
AnalysisAI
Multer is a node.js middleware for handling multipart/form-data. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial of Service (DoS) by sending malformed requests, potentially causing resource exhaustion.
Sign in for full analysis, threat intelligence, and remediation guidance.
Share
External POC / Exploit Code
Leaving vuln.today
Destination URL
POC code from unknown sources may be malicious, contain backdoors, or be fake.
Always review and test exploit code in a safe, isolated environment (VM/sandbox).
Verify the source reputation and cross-reference with known databases (Exploit-DB, GitHub Security).