PT-2026-39998 · Npm · Multipart
Blake Embrey +2 · Published 2026-05-12 · Updated 2026-05-18 · CVE-2026-8162
CVSS v3.1: 7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
multiparty versions 4.2.3 and earlier
Description
A denial of service occurs due to an uncaught exception during the parsing of multipart/form-data requests. When a request contains a Content-Disposition header with a filename* parameter featuring malformed percent-encoding, the parser calls the decodeURI() function without a try/catch block. This results in a URIError that crashes the process, affecting any service that accepts multipart uploads via this library.
Recommendations
Update to version 4.3.0 or higher.
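The failure mode from the description next to a guarded decode, as an added example that is not multiparty's code or its 4.3.0 fix. The function names and sample header values are hypothetical and constructed for illustration; it is useful as a regression check for any code that decodes filename* values.

```javascript
// Added example: not taken from multiparty. All names here are hypothetical.

// Pattern described in the advisory: decodeURI() is called directly on the
// client-supplied filename* value, so a malformed escape throws URIError.
// Inside a stream/event handler nothing catches it and the process exits.
function decodeFilenameUnguarded(extValue) {
  return decodeURI(extValue.replace(/^utf-8''/i, ''));
}

// Guarded form: same decodeURI() call, but any value that cannot be decoded
// yields null so the caller can reject the part (for example with HTTP 400).
function decodeFilenameGuarded(extValue) {
  // Expected shape: charset'language'percent-encoded-value (UTF-8 only here).
  const match = /^utf-8'[^']*'(.*)$/i.exec(extValue);
  if (!match) return null; // unsupported charset or wrong shape
  try {
    return decodeURI(match[1]);
  } catch (err) {
    if (err instanceof URIError) return null; // malformed percent-encoding
    throw err; // anything else is a real bug, do not swallow it
  }
}

// Helper for checks: does fn(arg) throw URIError?
function throwsURIError(fn, arg) {
  try {
    fn(arg);
    return false;
  } catch (err) {
    return err instanceof URIError;
  }
}

// Constructed sample values (not captured from real traffic).
const WELL_FORMED = "UTF-8''%E2%82%AC%20rates.txt";
const MALFORMED = "UTF-8''report%E0%A4%A.txt"; // truncated escape sequence

console.log(decodeFilenameGuarded(WELL_FORMED));
console.log(decodeFilenameGuarded(MALFORMED));
console.log(throwsURIError(decodeFilenameUnguarded, MALFORMED));
```
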
Fix
DoS
Improper Handling of Exceptional Conditions
Affected Products
Multipart