This page lists publicly disclosed CVE vulnerabilities affecting expressjs multer (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-3520 | Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.1 allows an attacker to trigger a Denial of Service (DoS) by sending malformed requests, potentially causing stack overflow. Users should upgrade to version 2.1.1 to receive a patch. No known workarounds are available. | ce714d77-add3-4f53-aff5-83d477b104bb | 8.7 | 0.06% | 2026-03-04 | 2026-03-09 |
| CVE-2026-3304 | Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial of Service (DoS) by sending malformed requests, potentially causing resource exhaustion. Users should upgrade to version 2.1.0 to receive a patch. No known workarounds are available. | ce714d77-add3-4f53-aff5-83d477b104bb | 8.7 | 0.02% | 2026-02-27 | 2026-03-19 |
| CVE-2026-2359 | Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial of Service (DoS) by dropping connection during file upload, potentially causing resource exhaustion. Users should upgrade to version 2.1.0 to receive a patch. No known workarounds are available. | ce714d77-add3-4f53-aff5-83d477b104bb | 8.7 | 0.02% | 2026-02-27 | 2026-03-19 |