HIGH
form-data
CVE published 2026-06-12
CVE-2026-12143
CVE-2026-12143 is a high-severity vulnerability (CVSS Score: 8.7) affecting the form-data library, which is used to create readable multipart/form-data streams. The vulnerability allows an attacker to inject additional headers or smuggle entire additional multipart parts into a request by exploiting the `field` argument in `FormData#append` and the `filename` option. This is possible because the library d [truncated]