Improper Handling of Exceptional Conditions

CVE-2026-8162

High

7.5/10

Summary

multiparty versions through 4.2.3 are vulnerable to Denial-of-Service (DoS) via uncaught exception. By sending a 'multipart/form-data' request with a 'Content-Disposition' header whose 'filename*' parameter contains a malformed percent-encoding, the parser invokes 'decodeURI' on the value without try/catch. The resulting 'URIError' propagates as an uncaught exception and crashes the process. Impact: any service accepting multipart uploads via multiparty is affected. Workarounds: none.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-755 - Improper Handling of Exceptional Conditions

The software does not handle or incorrectly handles an exceptional condition.

References

Advisory
Release Note

Advisory Timeline

Published May 12, 2026

Improper Handling of Exceptional Conditions

CVE-2026-8162

Summary

CWE-755 - Improper Handling of Exceptional Conditions

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS