Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
Multer for Root: Unauthenticated File Uploads Possible
ROOT-APP-NPM-CVE-2026-3520
Summary
The Multer package for Root allows an attacker to upload files without proper authentication, potentially leading to unauthorized access. This has been patched, and updating to a fixed version is recommended to ensure the security of your Root setup.
What to do
- Update rootio @rootio/multer to version 2.0.2-root.io.1.
- Update rootio @rootio/multer to version 2.0.2-root.io.3.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| rootio | @rootio/multer | <= 2.0.2-root.io.1 | 2.0.2-root.io.1 |
| rootio | @rootio/multer | <= 2.0.2-root.io.3 | 2.0.2-root.io.3 |
Original title
CVE-2026-3520 in @rootio/multer - Patched by Root
Original description
Root has patched CVE-2026-3520 in the @rootio/multer package for Root:npm. Multiple fixed versions available.
Published: 9 Mar 2026 · Updated: 9 Mar 2026 · First seen: 6 Mar 2026