wid-sec-w-2026-0903 · Published 2026-03-29 · View on BSI CERT-Bund ↗

IBM App Connect Enterprise: Multiple Vulnerabilities allow Denial of Service

CVSS 8.7 HIGH

Risk Summary

Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.1 allows an attacker to trigger a Denial of Service (DoS) by sending malformed requests, potentially causing stack overflow. Users should upgrade to version 2.1.1 to receive a patch. No known workarounds are available.

CVEs (3)

CVE-2026-2359 CVE-2026-3304 CVE-2026-3520

Affected Vendors

IBM

Affected Products (8)

IBM · App Connect Enterprise <12.0.12.24

IBM · App Connect Enterprise 12.0.12.24

IBM · App Connect Enterprise <13.0.7.0

IBM · App Connect Enterprise 13.0.7.0

IBM · App Connect Enterprise Container Operator <12.0.22

IBM · App Connect Enterprise Container Operator 12.0.22

IBM · App Connect Enterprise Certified Container Operator <13.0.0

IBM · App Connect Enterprise Certified Container Operator 13.0.0

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more