Skip to main content

Multer

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2026-3520 npm HIGH PATCH This Week

Multer versions before 2.1.1 are susceptible to denial of service attacks when processing malformed multipart/form-data requests, which can trigger stack overflow conditions and crash Node.js applications. An unauthenticated remote attacker can exploit this vulnerability without user interaction to render affected services unavailable. The vulnerability affects Node.js applications using Multer for file upload handling, and patches are available in version 2.1.1 and later.

Denial Of Service Node.js Stack Overflow Red Hat Multer
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-3520 npm
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Multer versions before 2.1.1 are susceptible to denial of service attacks when processing malformed multipart/form-data requests, which can trigger stack overflow conditions and crash Node.js applications. An unauthenticated remote attacker can exploit this vulnerability without user interaction to render affected services unavailable. The vulnerability affects Node.js applications using Multer for file upload handling, and patches are available in version 2.1.1 and later.

Denial Of Service Node.js Stack Overflow +2
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy