CVE-2026-8159

Name of the Vulnerable Software and Affected Versions multiparty versions prior to 4.3.0

Description A denial of service issue exists due to regular expression backtracking in the Content-Disposition filename parameter parser. A crafted multipart upload containing a long header value can cause regex matching to take several seconds, which blocks the event loop. This affects any service that accepts multipart uploads using this library.

Recommendations Upgrade to version 4.3.0 or higher. Limit upload sizes at the proxy or gateway layer to reduce the attack surface.