Skip to content
Threat Feed

Product

Plug

1 brief RSS
medium advisory

Plug Multipart Header Parsing Denial-of-Service Vulnerability (CVE-2026-8468)

Plug versions 1.4.0 to 1.19.1 are vulnerable to denial-of-service (CVE-2026-8468) due to unbounded buffer accumulation in multipart header parsing, allowing an unauthenticated attacker to exhaust server memory by sending a crafted multipart/form-data request.

plug denial-of-service multipart web-application
2r 1t 1c