CVE-2026-2359
Modified Modified - Updated After Analysis

Denial of Service in Multer Middleware via Connection Drop

Vulnerability report for CVE-2026-2359, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-02-27

Last updated on: 2026-06-30

Assigner: openjs

Description

Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial of Service (DoS) by dropping connection during file upload, potentially causing resource exhaustion. Users should upgrade to version 2.1.0 to receive a patch. No known workarounds are available.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-02-27
Last Modified
2026-06-30
Generated
2026-07-06
AI Q&A
2026-02-27
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
expressjs multer to 2.1.0 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-772 The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in Multer, a Node.js middleware used for handling multipart/form-data, specifically file uploads. In versions prior to 2.1.0, an attacker can exploit this vulnerability by dropping the connection during a file upload process.

This action can trigger a Denial of Service (DoS) condition, potentially causing resource exhaustion on the server handling the uploads.

To fix this issue, users should upgrade Multer to version 2.1.0 or later, as no known workarounds are available.

Impact Analysis

The primary impact of this vulnerability is a Denial of Service (DoS) condition on the server using Multer for file uploads.

An attacker can cause resource exhaustion by dropping connections during file uploads, which may degrade or completely disrupt the availability of the affected service.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

To mitigate this vulnerability, users should upgrade Multer to version 2.1.0 or later, as this version contains the patch that fixes the issue.

No known workarounds are available, so upgrading is the recommended immediate step.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-2359. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart