HIGH
sbabic
CVE published 2026-04-23
CVE-2026-28525
CVE-2026-28525 is an integer underflow vulnerability in the multipart upload parser in mongoose_multipart.c of SWUpdate. This vulnerability allows unauthenticated attackers to cause a denial of service by sending a crafted HTTP POST request to /upload with a malformed multipart boundary and controlled TCP stream timing. The vulnerability is triggered when the buffer length falls within a specific range, c [truncated]