CVE-2026-2359 — Vulnetix

Try Vulnetix Request Demo

CVE-2026-2359 PUBLISHED CVSS 8.699999809265137 HIGH

Multer vulnerable to Denial of Service via resource exhaustion

EPSS 0.02% · 4.0th percentile

Risk Scores

CVSS v4.0

8.699999809265137

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS Score

0.02%

4.0th percentile

Affected Products

Vendor	Product	Versions
expressjs	multer	0.0.0, 0, 0.0.0
npm	multer	0, 0, 0

Timeline

Feb 11, 2026 CVE ID Reserved
Feb 27, 2026 PoC Published
Feb 27, 2026 CVE Published
Feb 27, 2026 PoC Published
Feb 27, 2026 CVE Updated
Feb 28, 2026 EPSS Score
Mar 1, 2026 EPSS Score
Mar 1, 2026 PoC Published
Mar 2, 2026 EPSS Score
Mar 3, 2026 EPSS Score
Mar 4, 2026 EPSS Score
Mar 5, 2026 EPSS Score

References

Open in Interactive Console →