Multer

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest

CVE-2026-3520 HIGH PATCH This Week

Multer versions before 2.1.1 are susceptible to denial of service attacks when processing malformed multipart/form-data requests, which can trigger stack overflow conditions and crash Node.js applications. An unauthenticated remote attacker can exploit this vulnerability without user interaction to render affected services unavailable. The vulnerability affects Node.js applications using Multer for file upload handling, and patches are available in version 2.1.1 and later.

Node.js Stack Overflow Denial Of Service Multer

NVD GitHub VulDB

CVSS 3.1

7.5

EPSS

0.1%

CVE-2026-3520

EPSS 0% CVSS 7.5

HIGH PATCH This Week

Multer versions before 2.1.1 are susceptible to denial of service attacks when processing malformed multipart/form-data requests, which can trigger stack overflow conditions and crash Node.js applications. An unauthenticated remote attacker can exploit this vulnerability without user interaction to render affected services unavailable. The vulnerability affects Node.js applications using Multer for file upload handling, and patches are available in version 2.1.1 and later.

Node.js Stack Overflow Denial Of Service +1

NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy