CVE-2026-50879
Received - Intake
Denial of Service in linx-server via crafted POST request

Publication date: 2026-06-15

Last updated on: 2026-06-15

Assigner: MITRE

Description
An issue in the uploadPostHandler component of Andrei Marcu linx-server v2.3.8 allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
Meta Information
Published: 2026-06-15
Last Modified: 2026-06-15
Generated: 2026-06-16
AI Q&A: 2026-06-15
EPSS Evaluated: N/A
Affected Vendors & Products
Vendor: andrei_marcu
Product: linx-server
Version / Range: 2.3.8
CWE ID: CWE-UNKNOWN
Executive Summary

CVE-2026-50879 is a vulnerability in the uploadPostHandler component of Andrei Marcu linx-server version 2.3.8. The issue arises because the server processes multipart file uploads and writes the file content to temporary disk storage before enforcing the configured maximum file size limit.

Specifically, when a POST request with a file upload is received, the server calls r.FormFile("file"), which causes Go's HTTP multipart handler to spool the file content to temporary disk storage during parsing. The application only checks the file size limit after this parsing step.

This means an attacker can send a crafted multipart POST request with a file much larger than the allowed size, causing the server to consume temporary disk space before rejecting the upload. Repeated or parallel requests can fill up the temporary storage, leading to a denial-of-service (DoS) condition.

Impact Analysis

A remote attacker can use this vulnerability to cause a denial-of-service (DoS) condition on your server.

Because the server writes oversized uploaded files to temporary disk storage before enforcing size limits, an attacker can send multiple large file uploads that consume all available temporary disk space.

This disk consumption can disrupt normal server operations, potentially making the service unavailable to legitimate users.

Detection Guidance

Exploitation attempts can be detected by monitoring for unusually large or repeated multipart POST requests to the /upload/ endpoint, especially those that attempt to upload files larger than the configured maximum size.

Network or system administrators can use tools like tcpdump or Wireshark to capture and analyze HTTP POST requests targeting the /upload/ path.

Example commands to detect such activity include:

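  • Using tcpdump to capture HTTP POST requests to /upload/ (this sees only cleartext HTTP on port 80; -l line-buffers the output so grep prints matches as they arrive):
      tcpdump -l -i <interface> -A 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep 'POST /upload/'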
  • Using grep or similar tools on web server logs to find large or repeated POST requests to /upload/.

Additionally, monitoring disk usage of temporary storage directories can help detect abnormal spikes caused by exploitation of this vulnerability.

Mitigation Strategies

Immediate mitigation steps include limiting the size of incoming multipart requests before they are fully parsed and written to temporary storage.

Because the server parses multipart uploads before enforcing the maximum file size, configuring the server or application to reject requests that exceed the size limit at the network or application firewall level can help.

Other steps include:

  • Implementing rate limiting or throttling on the /upload/ endpoint to prevent repeated large uploads.
  • Monitoring and cleaning temporary storage regularly to avoid disk exhaustion.
  • Updating linx-server to a version where this issue is fixed, if available.
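
The difference between checking the size after r.FormFile and capping the body before it, as an added Go example (not linx-server's own code; the handler names, the 1 MiB limit and the 4 KiB slack are assumptions). The constructed 3 MiB upload stays below the 32 MB that FormFile keeps in memory by default, so the example measures body bytes consumed rather than temporary-file bytes.

```go
package main

import (
	"bytes"
	"fmt"
	"mime/multipart"
	"net/http"
	"net/http/httptest"
)

const maxSize = 1 << 20 // hypothetical configured upload limit (1 MiB)
// checkAfterParse: FormFile parses the whole body first, the size check comes after.
func checkAfterParse(w http.ResponseWriter, r *http.Request) {
	f, hdr, err := r.FormFile("file")
	if err != nil {
		http.Error(w, "bad upload", http.StatusBadRequest)
		return
	}
	defer f.Close()
	if hdr.Size > maxSize {
		http.Error(w, "too large", http.StatusRequestEntityTooLarge)
	}
}

// capBeforeParse bounds the body before parsing; the slack covers multipart framing.
func capBeforeParse(w http.ResponseWriter, r *http.Request) {
	r.Body = http.MaxBytesReader(w, r.Body, maxSize+4096)
	checkAfterParse(w, r)
}

// probe sends a constructed upload and returns the status and body bytes consumed.
func probe(h http.HandlerFunc, fileSize int) (status, consumed int) {
	var buf bytes.Buffer
	mw := multipart.NewWriter(&buf)
	fw, _ := mw.CreateFormFile("file", "sample.bin")
	fw.Write(make([]byte, fileSize))
	mw.Close()
	total := buf.Len()
	req := httptest.NewRequest(http.MethodPost, "/upload/", &buf)
	req.Header.Set("Content-Type", mw.FormDataContentType())
	rec := httptest.NewRecorder()
	h(rec, req)
	return rec.Code, total - buf.Len()
}

func main() {
	fmt.Println(probe(checkAfterParse, 3*maxSize)) // entire body read, then 413
	fmt.Println(probe(capBeforeParse, 3*maxSize))  // read stops near the cap, 400
}
```

With the cap in place the parse fails as soon as the limit is crossed, so the handler answers 400 here; an upload within the limit still succeeds.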