CVE-2026-8161 - Vulnerability Analysis
HighCVSS: 7.5Last Updated: May 12, 2026
multiparty - Denial of Service
Overview
multiparty <= 4.2.3 contains a denial of service caused by uncaught exception when multipart/form-data requests use field names colliding with Object.prototype properties, letting attackers crash the process, exploit requires crafted multipart requests.
Severity & Score
Impact
Attackers can crash the service process, causing denial of service.
Mitigation
Upgrade to [email protected] or higher.
References
Social Media Activity(2 posts)
š CVE-2026-8161 - High (7.5) [email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a field name that collides with an inherited Object.prototype property such as __proto__, constructor, or... š https://www.thehackerwire.com/vulnerability/CVE-2026-8161/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original post
š CVE-2026-8161 - High (7.5) [email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a field name that collides with an inherited Object.prototype property such as __proto__, constructor, or... š https://www.thehackerwire.com/vulnerability/CVE-2026-8161/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postGitHub Repositories(1 repo)
Related Resources
Details
- CVE ID
- CVE-2026-8161
- Severity
- High
- CVSS Score
- 7.5
- Type
- denial_of_service
- Status
- unconfirmed
- EPSS
- 4.1%
- Social Posts
- 2
CWE
- CWE-248
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H