Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-8161
PUBLISHED
More InfoOfficial Page
Assigner-openjs
Assigner Org ID-ce714d77-add3-4f53-aff5-83d477b104bb
View Known Exploited Vulnerability (KEV) details
Published At-12 May, 2026 | 08:50
Updated At-12 May, 2026 | 08:50
Rejected At-
▼CVE Numbering Authority (CNA)
multiparty vulnerable to Denial of Service via Prototype Pollution leading to Uncaught Exception

multiparty@4.2.3 and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a field name that collides with an inherited Object.prototype property such as __proto__, constructor, or toString, the parser invokes .push() on the inherited prototype value rather than an array, throwing a TypeError that propagates as an uncaught exception and crashes the process. Impact: any service accepting multipart uploads via multiparty is affected. Workarounds: none. Upgrade to multiparty@4.3.0 or higher.

Affected Products
Vendor
multiparty
Product
multiparty
Default Status
unaffected
Versions
Affected
  • From 0 through 4.2.3 (semver)
Unaffected
  • 4.3.0 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-248CWE-248: Uncaught Exception
CWECWE-1321CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Type: CWE
CWE ID: CWE-248
Description: CWE-248: Uncaught Exception
Type: CWE
CWE ID: CWE-1321
Description: CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
reporter
Ser0n-ath
remediation developer
Sebastian Beltran
finder
kq5y
finder
Byambadalai Sumiya
remediation reviewer
Blake Embrey
remediation reviewer
Ulises Gascón
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/pillarjs/multiparty/security/advisories/GHSA-qxch-whhj-8956
N/A
https://cna.openjsf.org/security-advisories.html
N/A
Hyperlink: https://github.com/pillarjs/multiparty/security/advisories/GHSA-qxch-whhj-8956
Resource: N/A
Hyperlink: https://cna.openjsf.org/security-advisories.html
Resource: N/A
Details not found