Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.3
Multer File Uploads Can Crash Your Website
CVE-2026-2359
GHSA-v52c-386h-88mc
CVE-2026-2359
Summary
A bug in older versions of Multer can cause your website to crash when handling large file uploads, potentially making it unavailable to users. This happens if an attacker intentionally tries to overload your system. To fix this, update Multer to the latest version.
What to do
- Update ulisesgascon multer to version 2.1.0.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| ulisesgascon | multer | <= 2.1.0 | 2.1.0 |
Original title
Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial of Service (DoS) by dropping connection du...
Original description
Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial of Service (DoS) by dropping connection during file upload, potentially causing resource exhaustion. Users should upgrade to version 2.1.0 to receive a patch. No known workarounds are available.
nvd CVSS4.0
8.7
Vulnerability type
CWE-772
- https://nvd.nist.gov/vuln/detail/CVE-2026-2359
- https://github.com/advisories/GHSA-v52c-386h-88mc
- https://www.cve.org/CVERecord?id=CVE-2026-2359
- https://cna.openjsf.org/security-advisories.html
- https://github.com/expressjs/multer/commit/cccf0fe0e64150c4f42ccf6654165c0d66b9a...
- https://github.com/expressjs/multer/security/advisories/GHSA-v52c-386h-88mc
- https://github.com/expressjs/multer Product
Published: 27 Feb 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026