CVE-2026-3304 — Vulnetix

Try Vulnetix Request Demo

CVE-2026-3304 PUBLISHED CVSS 8.699999809265137 HIGH

Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial of Service (DoS) by sending malformed requests, potentially causing resource exhaustion. Users should upgrade to version 2.1.0 to receive a patch. No known workarounds are available.

EPSS 0.02% · 4.0th percentile

Risk Scores

CVSS v4.0

8.699999809265137

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS Score

0.02%

4.0th percentile

Affected Products

Vendor	Product	Versions
expressjs	multer	0.0.0, 0, 0.0.0
npm	multer	0, 0, 0

Timeline

Feb 26, 2026 CVE ID Reserved
Feb 27, 2026 PoC Published
Feb 27, 2026 CVE Published
Feb 27, 2026 PoC Published
Feb 27, 2026 CVE Updated
Feb 28, 2026 EPSS Score
Mar 1, 2026 EPSS Score
Mar 1, 2026 PoC Published
Mar 1, 2026 PoC Published
Mar 1, 2026 PoC Published
Mar 1, 2026 PoC Published
Mar 1, 2026 PoC Published

References

Open in Interactive Console →