CVE-2026-32145

Name of the Vulnerable Software and Affected Versions gleam-wisp wisp versions 0.2.0 through 2.2.1

Description gleam-wisp wisp contains a flaw in multipart form body parsing that can lead to a denial of service. The multipart body function does not enforce configured limits on body and file sizes. Specifically, when a multipart boundary is missing in a chunk, the parser appends the chunk without updating the quota, leading to an unauthenticated attacker being able to exhaust server resources by sending large multipart form submissions.

Recommendations Upgrade to a version later than 2.2.1.