Multer Package Allows Unauthenticated File Uploads
ROOT-APP-NPM-CVE-2026-3304
Summary
The @rootio/multer package, used for handling multipart file uploads, has a security issue that allows attackers to upload files without authentication. This could potentially be exploited to compromise your application's security. Update to the latest version to fix this issue.
What to do
- Update @rootio/multer to version 2.0.2-root.io.2.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| rootio | @rootio/multer | <= 2.0.2-root.io.2 | 2.0.2-root.io.2 |
Original title
CVE-2026-3304 in @rootio/multer - Patched by Root
Original description
Root has patched CVE-2026-3304 in the @rootio/multer package for Root:npm. Multiple fixed versions available.
Published: 9 Mar 2026 · Updated: 13 Mar 2026 · First seen: 9 Mar 2026