CVE-2026-50879
Deferred Deferred - Pending Action

Denial of Service in linx-server via crafted POST request

Vulnerability report for CVE-2026-50879, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-15

Last updated on: 2026-06-16

Assigner: MITRE

Description

An issue in the uploadPostHandler component of Andrei Marcu linx-server v2.3.8 allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-15
Last Modified
2026-06-16
Generated
2026-07-06
AI Q&A
2026-06-16
EPSS Evaluated
2026-07-04
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
andrei_marcu linx-server 2.3.8

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-400 The product does not properly control the allocation and maintenance of a limited resource.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2026-50879 is a vulnerability in the uploadPostHandler component of Andrei Marcu linx-server version 2.3.8. The issue arises because the server processes multipart file uploads and writes the file content to temporary disk storage before enforcing the configured maximum file size limit.

Specifically, when a POST request with a file upload is received, the server calls r.FormFile("file"), which causes Go's HTTP multipart handler to spool the file content to temporary disk storage during parsing. The application only checks the file size limit after this parsing step.

This means an attacker can send a crafted multipart POST request with a file much larger than the allowed size, causing the server to consume temporary disk space before rejecting the upload. Repeated or parallel requests can fill up the temporary storage, leading to a denial-of-service (DoS) condition.

Impact Analysis

This vulnerability can impact you by allowing a remote attacker to cause a denial-of-service (DoS) condition on your server.

Because the server writes oversized uploaded files to temporary disk storage before enforcing size limits, an attacker can send multiple large file uploads that consume all available temporary disk space.

This disk consumption can disrupt normal server operations, potentially making the service unavailable to legitimate users.

Detection Guidance

This vulnerability can be detected by monitoring for unusually large or repeated multipart POST requests to the /upload/ endpoint, especially those that attempt to upload files larger than the configured maximum size.

Network or system administrators can use tools like tcpdump or Wireshark to capture and analyze HTTP POST requests targeting the /upload/ path.

Example commands to detect such activity include:

  • Using tcpdump to capture HTTP POST requests to /upload/: tcpdump -i <interface> -A 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep 'POST /upload/'
  • Using grep or similar tools on web server logs to find large or repeated POST requests to /upload/.

Additionally, monitoring disk usage of temporary storage directories can help detect abnormal spikes caused by this vulnerability exploitation.

Mitigation Strategies

Immediate mitigation steps include limiting the size of incoming multipart requests before they are fully parsed and written to temporary storage.

Since the vulnerability arises because the server processes multipart uploads before enforcing the maximum file size, configuring the server or application to reject requests exceeding size limits at the network or application firewall level can help.

Other steps include:

  • Implementing rate limiting or throttling on the /upload/ endpoint to prevent repeated large uploads.
  • Monitoring and cleaning temporary storage regularly to avoid disk exhaustion.
  • Updating the linx-server to a version where this issue is fixed, if available.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-50879. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart