Multer Denial-of-Service Vulnerability via Incomplete Request Handling

Vulnerability

A denial-of-service vulnerability has been identified in Multer, a Node.js middleware for processing multipart/form-data. It affects Multer versions prior to 2.1.0. An attacker can send malformed requests that lead to resource exhaustion on the server, causing a denial-of-service condition.

Impact

Exploitation of this vulnerability can cause a denial-of-service condition by exhausting server resources.

Reproduction

The vulnerability can be reproduced by sending a malformed multipart/form-data request to a server using an affected version of Multer. This can be done by including orphaned files in the request, which the server may not properly clean up, leading to resource exhaustion.

Remediation

Users are advised to upgrade to Multer version 2.1.0 or later, where this vulnerability has been patched.

Added: Feb 27, 2026, 4:18 PM
Updated: Feb 27, 2026, 4:18 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 8.4
remediation: 0.0
relevance: 3.3
threat: 4.8
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.