CVE-2026-5079

The CVE-2026-5079 issue affects the Multer library (versions 1.0.0–2.1.1 and 3.0.0-alpha.1). The vulnerability arises from the append-field dependency parsing bracket notation in field names with no limit on nesting depth, which can cause the allocation of deeply nested object structures and cons...

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in multer-2.0.2.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in multer-2.0.2.tgz Vulnerability Details CVEID:CVE-2026-2359 DESCRIPTION: Multer is a node.js middleware for handling multipart/form-data. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial of...

Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to Node.js module Multer (CVE-2026-2359, CVE-2026-3304 & CVE-2026-3520)

Summary The IBM App Connect Enterprise Connector Discovery and OpenAPI Editor is vulnerable to multiple vulnerabilities due to Node.js module Multer. Vulnerability Details CVEID:CVE-2026-2359 DESCRIPTION: Multer is a node.js middleware for handling multipart/form-data. A vulnerability in Multer...

Exploit for CVE-2026-3304

CVE-2026-3304 Lab Environment This repository is a vulner...

org.webjars.npm:nestjs__platform-express (>=8.4.7 <=9.0.0-next.2) potentially affected by CVE-2026-3520 via org.webjars.npm:multer (=1.4.4-lts.1)

org.webjars.npm:multer MAVEN version =1.4.4-lts.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:multer and may be impacted: - org.webjars.npm:nestjsplatform-express =8.4.7, =9.0.0-next.2 Source cves: CVE-2026-3520 Source advisory:...

4591-libs (>=0.0.1 <=0.2.0), @10abdullahbutt/nestjs-boilerplate (=0.0.1) +1495 more potentially affected by CVE-2026-3520 via multer (>=2.0.0-alpha.2 <=2.1.0)

multer NPM version =2.0.0-alpha.2, =0.0.1, =0.0.1-alpha.1, =0.0.1-alpha.9, =0.0.0-alpha.119, =1.2.1, =0.0.1, =1.0.0, =0.1.1, =0.0.1, =0.0.1, =0.0.1, =0.1.0, =0.0.2, =0.0.10, =0.6.2 and more Source cves: CVE-2026-3520 Source advisory: SNYK:JS-MULTER-15417528...

CVE-2026-3520

Multer is a node.js middleware for handling multipart/form-data. A vulnerability in Multer prior to version 2.1.1 allows an attacker to trigger a Denial of Service DoS by sending malformed requests, potentially causing stack overflow. Users should upgrade to version 2.1.1 to receive a patch. No...

02url-querystring-http (>=1.0.1 <=1.0.4), 1-0-5-hai-aage-dekhte-hein-kya-aat-hai (>=1.0.5 <=1.0.6) +12780 more potentially affected by CVE-2026-3304 via multer (>=0.0.5 <=2.0.2)

multer NPM version =0.0.5, =1.0.1, =1.0.5, =2.0.0, =1.0.0, =1.0.0, =1.0.0, =0.0.1, =1.0.0, =1.0.3 - 6e-alpha-backend-admin =1.0.0 and more Source cves: CVE-2026-3304 Source advisory: OSV:GHSA-XF7R-HGR6-V32P...

GHSA-XF7R-HGR6-V32P Multer vulnerable to Denial of Service via incomplete cleanup

Impact A vulnerability in Multer versions 2.1.0 allows an attacker to trigger a Denial of Service DoS by sending malformed requests, potentially causing resource exhaustion. Patches Users should upgrade to 2.1.0 Workarounds None...

4591-libs (>=0.0.1 <=0.2.0), @10abdullahbutt/nestjs-boilerplate (=0.0.1) +1494 more potentially affected by CVE-2026-2359 via multer (>=2.0.0-alpha.2 <=2.0.2)

multer NPM version =2.0.0-alpha.2, =0.0.1, =0.0.1-alpha.1, =0.0.1-alpha.9, =0.0.0-alpha.119, =1.2.1, =0.0.1, =1.0.0, =0.1.1, =0.0.1, =0.0.1, =0.0.1, =0.1.0, =0.0.2, =0.0.10, =0.6.2 and more Source cves: CVE-2026-2359 Source advisory: SNYK:JS-MULTER-15365916...

4591-libs (>=0.0.1 <=0.2.0), @10abdullahbutt/nestjs-boilerplate (=0.0.1) +1494 more potentially affected by CVE-2026-3304 via multer (>=2.0.0-alpha.2 <=2.0.2)

multer NPM version =2.0.0-alpha.2, =0.0.1, =0.0.1-alpha.1, =0.0.1-alpha.9, =0.0.0-alpha.119, =1.2.1, =0.0.1, =1.0.0, =0.1.1, =0.0.1, =0.0.1, =0.0.1, =0.1.0, =0.0.2, =0.0.10, =0.6.2 and more Source cves: CVE-2026-3304 Source advisory: SNYK:JS-MULTER-15365918...

CVE-2026-3304

Multer (Node.js middleware for handling multipart/form-data) is affected by CVE-2026-3304: versions prior to 2.1.0 are vulnerable to a Denial of Service via malformed requests, potentially exhausting resources. The issue is addressed by upgrading to version 2.1.0; no public workarounds are docume...

Security Bulletin: IBM Spectrum Control is vulnerable to weaknesses related to Multer middleware of node.js (CVE-2025-48997).

Summary Multer is vulnerable to a denial of service attack. This vulnerability affects IBM Spectrum Control. Vulnerability Details CVEID:CVE-2025-48997 DESCRIPTION: Multer is a node.js middleware for handling multipart/form-data. A vulnerability that is present starting in version 1.4.4-lts.1 and...

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in multer

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in multer Vulnerability Details CVEID:CVE-2025-7338 DESCRIPTION: Multer is a node.js middleware for handling multipart/form-data. A vulnerability that is present starting in version 1.4.4-lts.1 and prio...

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in multer

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in multer Vulnerability Details CVEID:CVE-2025-48997 DESCRIPTION: Multer is a node.js middleware for handling multipart/form-data. A vulnerability that is present starting in version 1.4.4-lts.1 and pri...

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in multer

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in multer Vulnerability Details CVEID:CVE-2025-47944 DESCRIPTION: Multer is a node.js middleware for handling multipart/form-data. A vulnerability that is present starting in version 1.4.4-lts.1 and pri...

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in multer

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in multer Vulnerability Details CVEID:CVE-2025-47935 DESCRIPTION: Multer is a node.js middleware for handling multipart/form-data. Versions prior to 2.0.0 are vulnerable to a resource exhaustion and...

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in multer-2.0.1.tgz

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in multer-2.0.1.tgz Vulnerability Details CVEID:CVE-2025-7338 DESCRIPTION: Multer is a node.js middleware for handling multipart/form-data. A vulnerability that is present starting in version 1.4.4-lts....

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in multer-1.4.5-lts.2.tgz

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in multer-1.4.5-lts.2.tgz Vulnerability Details CVEID:CVE-2025-48997 DESCRIPTION: Multer is a node.js middleware for handling multipart/form-data. A vulnerability that is present starting in version...

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in multer-1.4.5-lts.2.tgz

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in multer-1.4.5-lts.2.tgz Vulnerability Details CVEID:CVE-2025-47935 DESCRIPTION: Multer is a node.js middleware for handling multipart/form-data. Versions prior to 2.0.0 are vulnerable to a resource...