CVE-2026-2359

UNKNOWN 0.0

Multer vulnerable to Denial of Service via resource exhaustion

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial of Service (DoS) by dropping connection during file upload, potentially causing resource exhaustion. Users should upgrade to version 2.1.0 to receive a patch. No known workarounds are available.

CWE	CWE-772
Vendor	expressjs
Product	multer
Published	Feb 27, 2026
Last Updated	Feb 27, 2026

Stay Ahead of the Next One

Get instant alerts for expressjs multer

Be the first to know when new unknown vulnerabilities affecting expressjs multer are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

expressjs / multer

0.0.0 < 2.1.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/expressjs/multer/security/advisories/GHSA-v52c-386h-88mc cve.org: https://www.cve.org/CVERecord?id=CVE-2026-2359 github.com: https://github.com/expressjs/multer/commit/cccf0fe0e64150c4f42ccf6654165c0d66b9adab cna.openjsf.org: https://cna.openjsf.org/security-advisories.html