HIGH
multer
CVE published 2026-06-15
CVE-2026-5079
CVE-2026-5079 is a HIGH severity vulnerability in multer, a popular Node.js middleware for handling multipart/form-data. The vulnerability allows an attacker to cause a Denial of Service (DoS) by sending a single HTTP request with a crafted multipart body containing deeply nested field names. This causes the append-field dependency to allocate deeply nested object structures, consuming excessive CPU and memory.