OctoPrint
cpe:2.3:a:octoprint:octoprint:*:*:*:*:*:*:*
- <= 1.11.1
A denial-of-service vulnerability has been identified in OctoPrint versions prior to 1.11.2. This issue allows any unauthenticated attacker to send a manipulated multipart/form-data request that disrupts the OctoPrint web server. The vulnerability arises when the request lacks a proper end boundary, causing the server to enter an endless loop searching for a missing part. Since Tornado, the underlying web framework, operates in a single-threaded manner, this loop effectively freezes the entire web server.
Exploitation of this vulnerability leads to a denial-of-service condition, causing the OctoPrint web server to become unresponsive and blocking all incoming requests.
Users can upgrade to OctoPrint version 1.11.2 or later to address this vulnerability. Additionally, OctoPrint administrators are advised not to expose the application to untrusted networks, such as the internet.
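As an added illustration of the failure mode described above (not OctoPrint's or Tornado's own code), the following checks a multipart/form-data body for the RFC 2046 closing delimiter before any parsing, and splits parts with a loop that always makes progress, so a body with no end boundary is rejected instead of being searched forever. The function names and the sample bodies are constructed for this example.

```python
import re
from typing import List, Optional


def parse_boundary(content_type: str) -> Optional[str]:
    """Pull the boundary parameter out of a multipart/form-data Content-Type header."""
    if not content_type.lower().startswith("multipart/form-data"):
        return None
    m = re.search(r'boundary=(?:"([^"]*)"|([^;\s]+))', content_type, re.IGNORECASE)
    return (m.group(1) or m.group(2)) if m else None


def multipart_is_terminated(body: bytes, content_type: str) -> bool:
    """True only if the body has an opening delimiter '--<boundary>' followed later
    by the closing delimiter '--<boundary>--'. Cheap pre-check, not a full parser."""
    boundary = parse_boundary(content_type)
    if not boundary:
        return False
    opening = b"--" + boundary.encode()
    closing = opening + b"--"
    first, last = body.find(opening), body.rfind(opening)
    return first >= 0 and first < last and body.startswith(closing, last)


def split_parts(body: bytes, boundary: str, max_parts: int = 64) -> List[bytes]:
    """Split a multipart body into raw parts (headers + content). The loop stops at
    the closing delimiter, raises when no further delimiter exists (truncated body)
    and caps the part count, so it can never spin on a body that lacks an end boundary."""
    opening = b"--" + boundary.encode()
    closing = opening + b"--"
    parts: List[bytes] = []
    pos = body.find(opening)
    if pos < 0:
        raise ValueError("no opening delimiter")
    while True:
        if body.startswith(closing, pos):
            return parts  # closing delimiter reached: done
        start = pos + len(opening)
        nxt = body.find(b"\r\n" + opening, start)
        if nxt < 0:
            raise ValueError("missing closing delimiter")  # reject, do not keep searching
        parts.append(body[start:nxt].lstrip(b"\r\n"))
        if len(parts) > max_parts:
            raise ValueError("too many parts")
        pos = nxt + 2  # skip the CRLF that precedes the next delimiter


# Constructed sample bodies: one well-formed, one missing the closing delimiter.
GOOD = b'--b\r\nContent-Disposition: form-data; name="a"\r\n\r\n1\r\n--b--\r\n'
TRUNCATED = b'--b\r\nContent-Disposition: form-data; name="a"\r\n\r\n1\r\n'
```

A server-side handler would call `multipart_is_terminated` on the buffered body and answer 400 when it returns False, before the body ever reaches the part splitter.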