195 matches found
ROOT-APP-NPM-CVE-2026-3304 CVE-2026-3304 in @rootio/multer - Patched by Root
Root has patched CVE-2026-3304 in the @rootio/multer package for Root:npm. Multiple fixed versions available...
EUVD-2026-36726
Multer vulnerable to Denial of Service via deeply nested field names...
EUVD-2026-36728
Multer vulnerable to Denial of Service via incomplete cleanup of aborted uploads...
ROOT-APP-NPM-CVE-2025-7338 CVE-2025-7338 in @rootio/multer - Patched by Root
Root has patched CVE-2025-7338 in the @rootio/multer package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-2359 CVE-2026-2359 in @rootio/multer - Patched by Root
Root has patched CVE-2026-2359 in the @rootio/multer package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-3520 CVE-2026-3520 in @rootio/multer - Patched by Root
Root has patched CVE-2026-3520 in the @rootio/multer package for Root:npm. Multiple fixed versions available...
CVE-2026-5038
Impact: multer versions 2.0.0-alpha.1 through 2.1.1 and 3.0.0-alpha.1 are vulnerable to a Denial of Service when using diskStorage. Aborted or malformed multipart uploads leave orphaned partial files on disk because the Readable.pipe call does not propagate the stream destroy signal to the...
CVE-2026-5038
MULTER CVE-2026-5038 affects multer’s diskStorage: versions 2.0.0-alpha.1–2.1.1 and 3.0.0-alpha.1 are vulnerable. The root cause is that Readable.pipe() does not propagate the stream destroy signal to the underlying fs.WriteStream, allowing aborted or malformed multipart uploads to leave orphaned...
CVE-2026-5038 multer vulnerable to Denial of Service via incomplete cleanup of aborted uploads
Impact: multer versions 2.0.0-alpha.1 through 2.1.1 and 3.0.0-alpha.1 are vulnerable to a Denial of Service when using diskStorage. Aborted or malformed multipart uploads leave orphaned partial files on disk because the Readable.pipe call does not propagate the stream destroy signal to the...
CVE-2026-5079
Impact: multer versions 1.0.0 through 2.1.1 and 3.0.0-alpha.1 are vulnerable to a Denial of Service via deeply nested field names in multipart form data. The append-field dependency parses bracket notation in field names with no limit on nesting depth, allowing an attacker to force allocation of...
CVE-2026-5079 multer vulnerable to Denial of Service via deeply nested field names
Impact: multer versions 1.0.0 through 2.1.1 and 3.0.0-alpha.1 are vulnerable to a Denial of Service via deeply nested field names in multipart form data. The append-field dependency parses bracket notation in field names with no limit on nesting depth, allowing an attacker to force allocation of...
CVE-2026-5079
The CVE-2026-5079 issue affects the Multer library (versions 1.0.0–2.1.1 and 3.0.0-alpha.1). The vulnerability arises from the append-field dependency parsing bracket notation in field names with no limit on nesting depth, which can cause the allocation of deeply nested object structures and cons...
PT-2026-49242
Name of the Vulnerable Software and Affected Versions: multer versions 2.0.0-alpha.1 through 2.1.1; multer version 3.0.0-alpha.1. Description: A Denial of Service issue exists when using diskStorage. Aborted or malformed multipart uploads leave orphaned partial files on disk because the Readable.pipe...
PT-2026-49233
Name of the Vulnerable Software and Affected Versions: multer versions 1.0.0 through 2.1.1; multer version 3.0.0-alpha.1. Description: A Denial of Service issue exists due to the way the append-field dependency parses bracket notation in field names within multipart form data. Because there is no lim...
ROOT-APP-NPM-CVE-2025-47944 CVE-2025-47944 in @rootio/multer - Patched by Root
Root has patched CVE-2025-47944 in the @rootio/multer package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2025-47935 CVE-2025-47935 in @rootio/multer - Patched by Root
Root has patched CVE-2025-47935 in the @rootio/multer package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2025-48997 CVE-2025-48997 in @rootio/multer - Patched by Root
Root has patched CVE-2025-48997 in the @rootio/multer package for Root:npm. Multiple fixed versions available...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerabilities in multer-2.0.2.tgz
Summary: IBM Watson Discovery Cartridge affected by vulnerabilities in multer-2.0.2.tgz. Vulnerability Details: CVEID: CVE-2026-2359. DESCRIPTION: Multer is a node.js middleware for handling multipart/form-data. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial of...
Security Bulletin: Multiple vulnerabilities in IBM DevOps Solution Workbench
Summary: Multiple vulnerabilities were addressed in IBM DevOps Solution Workbench version 5.1.2. Vulnerability Details: CVEID: CVE-2026-6951. DESCRIPTION: Versions of the package simple-git before 3.36.0 are vulnerable to Remote Code Execution (RCE) due to an incomplete fix for CVE-2022-25912 that block...