{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3520", "assignerOrgId": "ce714d77-add3-4f53-aff5-83d477b104bb", "state": "PUBLISHED", "assignerShortName": "openjs", "dateReserved": "2026-03-04T15:27:42.237Z", "datePublished": "2026-03-04T16:17:18.962Z", "dateUpdated": "2026-03-04T17:12:25.815Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "ce714d77-add3-4f53-aff5-83d477b104bb", "shortName": "openjs", "dateUpdated": "2026-03-04T16:17:18.962Z"}, "descriptions": [{"lang": "en", "value": "Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.1 allows an attacker to trigger a Denial of Service (DoS) by sending malformed requests, potentially causing stack overflow. Users should upgrade to version 2.1.1 to receive a patch. No known workarounds are available.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.1 allows an attacker to trigger a Denial of Service (DoS) by sending malformed requests, potentially causing stack overflow. Users should upgrade to version 2.1.1 to receive a patch. No known workarounds are available."}]}], "affected": [{"vendor": "expressjs", "product": "multer", "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "status": "affected", "version": "0", "lessThan": "2.1.1"}], "packageURL": "pkg:npm/multer"}], "references": [{"url": "https://github.com/expressjs/multer/security/advisories/GHSA-5528-5vmv-3xc2"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2026-3520"}, {"url": "https://github.com/expressjs/multer/commit/7e66481f8b2e6c54b982b34c152479e096ce2752"}, {"url": "https://cna.openjsf.org/security-advisories.html"}], "credits": [{"lang": "en", "type": "reporter", "value": "Yuki Matsuhashi"}, {"lang": "en", "type": "remediation developer", "value": "Chris de Almeida"}, {"lang": "en", "type": "remediation reviewer", "value": "Ulises Gasc\u00f3n"}], "title": "Multer vulnerable to Denial of Service via uncontrolled recursion", "metrics": [{"format": "CVSS", "cvssV4_0": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "baseScore": 8.7, "baseSeverity": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-674", "lang": "en", "description": "CWE-674: Uncontrolled Recursion", "type": "CWE"}]}], "x_generator": {"engine": "cve-kit 1.0.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-04T17:12:05.396070Z", "id": "CVE-2026-3520", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-04T17:12:25.815Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-3520", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-04T17:12:05.396070Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-04T17:12:17.326Z"}}], "cna": {"title": "Multer vulnerable to Denial of Service via uncontrolled recursion", "credits": [{"lang": "en", "type": "reporter", "value": "Yuki Matsuhashi"}, {"lang": "en", "type": "remediation developer", "value": "Chris de Almeida"}, {"lang": "en", "type": "remediation reviewer", "value": "Ulises Gasc\u00f3n"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"version": "4.0", "baseScore": 8.7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "expressjs", "product": "multer", "versions": [{"status": "affected", "version": "0", "lessThan": "2.1.1", "versionType": "semver"}], "packageURL": "pkg:npm/multer", "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/expressjs/multer/security/advisories/GHSA-5528-5vmv-3xc2"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2026-3520"}, {"url": "https://github.com/expressjs/multer/commit/7e66481f8b2e6c54b982b34c152479e096ce2752"}, {"url": "https://cna.openjsf.org/security-advisories.html"}], "x_generator": {"engine": "cve-kit 1.0.0"}, "descriptions": [{"lang": "en", "value": "Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.1 allows an attacker to trigger a Denial of Service (DoS) by sending malformed requests, potentially causing stack overflow. Users should upgrade to version 2.1.1 to receive a patch. No known workarounds are available.", "supportingMedia": [{"type": "text/html", "value": "Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.1 allows an attacker to trigger a Denial of Service (DoS) by sending malformed requests, potentially causing stack overflow. Users should upgrade to version 2.1.1 to receive a patch. No known workarounds are available.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-674", "description": "CWE-674: Uncontrolled Recursion"}]}], "providerMetadata": {"orgId": "ce714d77-add3-4f53-aff5-83d477b104bb", "shortName": "openjs", "dateUpdated": "2026-03-04T16:17:18.962Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3520", "state": "PUBLISHED", "dateUpdated": "2026-03-04T17:12:25.815Z", "dateReserved": "2026-03-04T15:27:42.237Z", "assignerOrgId": "ce714d77-add3-4f53-aff5-83d477b104bb", "datePublished": "2026-03-04T16:17:18.962Z", "assignerShortName": "openjs"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.1 allows an attacker to trigger a Denial of Service (DoS) by sending malformed requests, potentially causing stack overflow. Users should upgrade to version 2.1.1 to receive a patch. No known workarounds are available."}], "id": "CVE-2026-3520", "lastModified": "2026-03-04T18:08:05.730", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "ce714d77-add3-4f53-aff5-83d477b104bb", "type": "Secondary"}]}, "published": "2026-03-04T17:16:22.610", "references": [{"source": "ce714d77-add3-4f53-aff5-83d477b104bb", "url": "https://cna.openjsf.org/security-advisories.html"}, {"source": "ce714d77-add3-4f53-aff5-83d477b104bb", "url": "https://github.com/expressjs/multer/commit/7e66481f8b2e6c54b982b34c152479e096ce2752"}, {"source": "ce714d77-add3-4f53-aff5-83d477b104bb", "url": "https://github.com/expressjs/multer/security/advisories/GHSA-5528-5vmv-3xc2"}, {"source": "ce714d77-add3-4f53-aff5-83d477b104bb", "url": "https://www.cve.org/CVERecord?id=CVE-2026-3520"}], "sourceIdentifier": "ce714d77-add3-4f53-aff5-83d477b104bb", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-674"}], "source": "ce714d77-add3-4f53-aff5-83d477b104bb", "type": "Secondary"}]}

{"bugzilla": {"description": "multer: Multer: Denial of Service via malformed requests", "id": "2444584", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2444584"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-770", "details": ["No description is available for this CVE."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2026-3520", "package_state": [{"cpe": "cpe:/a:redhat:rhdh:1", "fix_state": "Affected", "package_name": "rhdh/rhdh-hub-rhel9", "product_name": "Red Hat Developer Hub"}, {"cpe": "cpe:/a:redhat:ansible_portal:2", "fix_state": "Affected", "package_name": "ansible-automation-platform/automation-portal", "product_name": "Self-service automation portal 2"}], "public_date": "2026-03-04T16:17:18Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-3520\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-3520\nhttps://cna.openjsf.org/security-advisories.html\nhttps://github.com/expressjs/multer/commit/7e66481f8b2e6c54b982b34c152479e096ce2752\nhttps://github.com/expressjs/multer/security/advisories/GHSA-5528-5vmv-3xc2"], "threat_severity": "Important"}