_posts/2026-02-27-security-releases.md
The Express team has released a new patch version of multer addressing two high-severity security vulnerabilities.
{% include admonitions/warning.html content="We recommend upgrading to the latest version of multer to secure your applications." %}
The following vulnerabilities have been addressed:
multer versions <2.1.0 are vulnerable to denial of service via incomplete cleanup
A vulnerability in Multer versions <2.1.0 allows an attacker to trigger a Denial of Service (DoS) by sending malformed requests, potentially causing resource exhaustion.
Affected versions: < 2.1.0
Patched version: >= 2.1.0
For more details, see GHSA-xf7r-hgr6-v32p.
multer versions <2.1.0 are vulnerable to denial of service via resource exhaustion
A vulnerability in Multer versions <2.1.0 allows an attacker to trigger a Denial of Service (DoS) by dropping the connection during a file upload, potentially causing resource exhaustion.
Affected versions: < 2.1.0
Patched version: >= 2.1.0
For more details, see GHSA-v52c-386h-88mc.
We recommend upgrading to the latest version of multer to secure your applications.
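To confirm that no affected copy remains after upgrading, including copies nested under other dependencies, the lockfile can be checked directly. The script below is an added example, not code from the Express or multer projects; it assumes an npm `package-lock.json` with `lockfileVersion` 2 or 3 (the `packages` map), and the sample lockfile and the `upload-helper` package name are constructed for illustration.

```javascript
// Added example: flag every multer copy in an npm lockfile that is below 2.1.0.
const PATCHED = [2, 1, 0]; // first patched multer release, per the advisories above

// Return true when a semver string sorts below PATCHED.
// A pre-release of the patched version (e.g. 2.1.0-rc.1) also sorts below it.
function isAffected(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(version || '');
  if (!m) return true; // unparseable version: report it so a human looks at it
  const parts = [Number(m[1]), Number(m[2]), Number(m[3])];
  for (let i = 0; i < 3; i++) {
    if (parts[i] !== PATCHED[i]) return parts[i] < PATCHED[i];
  }
  return Boolean(m[4]);
}

// Walk the "packages" map of a lockfileVersion 2 or 3 package-lock.json.
// Keys look like "node_modules/multer" or "node_modules/a/node_modules/multer",
// so nested copies pulled in by other dependencies are found as well.
function findAffectedMulter(lock) {
  const hits = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === 'node_modules/multer' || path.endsWith('/node_modules/multer')) {
      if (isAffected(entry.version)) hits.push({ path, version: entry.version });
    }
  }
  return hits;
}

// Constructed sample lockfile (not from a real project); "upload-helper" is hypothetical.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/multer': { version: '2.1.0' },
    'node_modules/upload-helper': { version: '3.2.1' },
    'node_modules/upload-helper/node_modules/multer': { version: '1.4.5-lts.1' },
    'node_modules/multer-s3': { version: '3.0.1' },
  },
};

for (const hit of findAffectedMulter(sampleLock)) {
  console.log(`affected: ${hit.path} @ ${hit.version}`);
}
```

For a real project, pass the parsed contents of `package-lock.json` to `findAffectedMulter` in place of `sampleLock`.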