CVE-2026-2359

Risk Scores

Affected Products

Exploit Intelligence

• CIRCL seen: CVE-2026-2359 (circl-sighting)
• CIRCL seen: CVE-2026-2359 (circl-sighting)
• CIRCL seen: CVE-2026-2359 (circl-sighting)
• https://github.com/expressjs/multer/security/advisories/GHSA-v52c-386h-88mc (circl)
• https://www.cve.org/CVERecord?id=CVE-2026-2359 (circl)
• https://github.com/expressjs/multer/commit/cccf0fe0e64150c4f42ccf6654165c0d66b9adab (circl)
• https://cna.openjsf.org/security-advisories.html (circl)
• server.js (github-poc)
• server.js (github-poc)
• CVE-2026-3304.json (github-poc)

…and 18 more exploits

Timeline

• Feb 11, 2026 CVE ID Reserved
• Feb 27, 2026 PoC Published
• Feb 27, 2026 CVE Published
• Feb 27, 2026 PoC Published
• Feb 27, 2026 CVE Updated
• Feb 28, 2026 EPSS Score
• Mar 1, 2026 EPSS Score
• Mar 1, 2026 PoC Published
• Mar 3, 2026 EPSS Score
• Mar 4, 2026 EPSS Score
• Mar 6, 2026 EPSS Score
• Mar 7, 2026 EPSS Score

References

• https://github.com/expressjs/multer package
• https://github.com/expressjs/multer/security/advisories/GHSA-v52c-386h-88mc url
• https://www.cve.org/CVERecord?id=CVE-2026-2359 url
• https://github.com/expressjs/multer/commit/cccf0fe0e64150c4f42ccf6654165c0d66b9adab url
• https://cna.openjsf.org/security-advisories.html url
• https://nvd.nist.gov/vuln/detail/CVE-2026-2359 advisory
• https://www.ibm.com/support/pages/node/7274185 advisory
• https://www.ibm.com/support/pages/node/7274154 advisory
• https://www.ibm.com/support/pages/node/7274180 advisory
• https://www.ibm.com/support/pages/node/7274183 advisory
• https://www.ibm.com/support/pages/node/7273957 advisory
• https://www.ibm.com/support/pages/node/7274184 advisory
• https://www.ibm.com/support/pages/node/7274314 advisory
• https://www.ibm.com/support/pages/node/7274182 advisory
• https://www.ibm.com/support/pages/node/7274181 advisory
• https://www.ibm.com/support/pages/node/7273803 advisory
• https://www.ibm.com/support/pages/node/7272901 advisory