CVE-2026-2359
Received Received - Intake
Denial of Service in Multer Middleware via Connection Drop

Publication date: 2026-02-27

Last updated on: 2026-03-19

Assigner: openjs

Description
Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial of Service (DoS) by dropping connection during file upload, potentially causing resource exhaustion. Users should upgrade to version 2.1.0 to receive a patch. No known workarounds are available.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-27
Last Modified
2026-03-19
Generated
2026-06-16
AI Q&A
2026-02-27
EPSS Evaluated
2026-06-14
NVD
CVE-2026-2359
EUVD
EUVD-2026-9032
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
expressjs multer to 2.1.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-772 The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

The primary impact of this vulnerability is a Denial of Service (DoS) condition on the server using Multer for file uploads.

An attacker can cause resource exhaustion by dropping connections during file uploads, which may degrade or completely disrupt the availability of the affected service.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

To mitigate this vulnerability, users should upgrade Multer to version 2.1.0 or later, as this version contains the patch that fixes the issue.

No known workarounds are available, so upgrading is the recommended immediate step.

Executive Summary

This vulnerability exists in Multer, a Node.js middleware used for handling multipart/form-data, specifically file uploads. In versions prior to 2.1.0, an attacker can exploit this vulnerability by dropping the connection during a file upload process.

This action can trigger a Denial of Service (DoS) condition, potentially causing resource exhaustion on the server handling the uploads.

To fix this issue, users should upgrade Multer to version 2.1.0 or later, as no known workarounds are available.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-2359. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart