7.5

CVE-2026-8162

EPSS 0.28%
Veröffentlicht 12.05.2026 09:05:12
Zuletzt bearbeitet 13.05.2026 14:43:47
Quelle ce714d77-add3-4f53-aff5-83d477
CVE-Watchlists
Login
Unerledigt
Login

multiparty vulnerable to Denial of Service via Uncaught Exception in filename* parameter parsing

multiparty@4.2.3 and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a Content-Disposition header whose filename* parameter contains a malformed percent-encoding, the parser invokes decodeURI on the value without try/catch. The resulting URIError propagates as an uncaught exception and crashes the process. Impact: any service accepting multipart uploads via multiparty is affected. Workarounds: none. Upgrade to multiparty@4.3.0 or higher.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Pillarjs ≫ Multiparty SwPlatformnode.js Version < 4.3.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.28%	0.194

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
ce714d77-add3-4f53-aff5-83d477b104bb	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-755 Improper Handling of Exceptional Conditions

The product does not handle or incorrectly handles an exceptional condition.

https://cna.openjsf.org/security-advisories.html

Third Party Advisory

https://github.com/pillarjs/multiparty/security/advisories/GHSA-xh3c-6gcq-g4rv

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-8162

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-8162

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-8162

EUVD