Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2026-2359

Опубликовано: 27 фев. 2026
Источник: redhat
CVSS3: 7.5
EPSS Низкий

Описание

Multer is a node.js middleware for handling multipart/form-data. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial of Service (DoS) by dropping connection during file upload, potentially causing resource exhaustion. Users should upgrade to version 2.1.0 to receive a patch. No known workarounds are available.

A flaw was found in Multer, a Node.js middleware for handling multipart/form-data. A remote attacker can exploit this vulnerability by intentionally dropping a connection during a file upload. This can lead to a Denial of Service (DoS) due to resource exhaustion on the affected system.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Logging Subsystem for Red Hat OpenShiftopenshift-logging/cluster-logging-operator-bundleNot affected
Logging Subsystem for Red Hat OpenShiftopenshift-logging/cluster-logging-rhel9-operatorNot affected
Logging Subsystem for Red Hat OpenShiftopenshift-logging/eventrouter-rhel9Not affected
Logging Subsystem for Red Hat OpenShiftopenshift-logging/fluentd-rhel9Not affected
Logging Subsystem for Red Hat OpenShiftopenshift-logging/log-file-metric-exporter-rhel9Not affected
Logging Subsystem for Red Hat OpenShiftopenshift-logging/logging-view-plugin-rhel9Not affected
Logging Subsystem for Red Hat OpenShiftopenshift-logging/vector-rhel9Not affected
Logging Subsystem for Red Hat OpenShiftopenshift-logging/vector-rhel9Not affected
Red Hat Developer Hubrhdh/rhdh-hub-rhel9Affected
Red Hat Enterprise Linux 10fido-device-onboardNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-772
https://bugzilla.redhat.com/show_bug.cgi?id=2443350multer: Multer: Denial of Service via dropped file upload connections

EPSS

Процентиль: 4%
0.00017
Низкий

7.5 High

CVSS3

Связанные уязвимости

nvd логотип

CVE-2026-2359

CVSS3: 7.5
nvd
29 дней назад

Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial of Service (DoS) by dropping connection during file upload, potentially causing resource exhaustion. Users should upgrade to version 2.1.0 to receive a patch. No known workarounds are available.

github логотип

GHSA-v52c-386h-88mc

github
28 дней назад

Multer vulnerable to Denial of Service via resource exhaustion

EPSS

Процентиль: 4%
0.00017
Низкий

7.5 High

CVSS3