CVE-2026-3520
EUVD-2026-942304.03.2026, 17:16
Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.1 allows an attacker to trigger a Denial of Service (DoS) by sending malformed requests, potentially causing stack overflow. Users should upgrade to version 2.1.1 to receive a patch. No known workarounds are available.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| expressjs | multer | 𝑥 < 2.1.1 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| Red Hat | Red Hat Developer Hub 1.8 | 1774545605 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat Developer Hub 1.9 | 1775140647 ≤ 𝑥 < * | ADP |
Common Weakness Enumeration
- CWE-674 - Uncontrolled RecursionThe product does not properly control the amount of recursion which takes place, consuming excessive resources, such as allocated memory or the program stack.
- CWE-770 - Allocation of Resources Without Limits or ThrottlingThe software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.
References