SB2026070953 - Allocation of Resources Without Limits or Throttling in body-parser
Published: July 9, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2026-12590)
CWE-ID: CWE-770 - Allocation of Resources Without Limits or Throttling
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to allocation of resources without limits or throttling in the request body size enforcement logic when handling requests with an invalid limit option value. A remote attacker can send an oversized request body to cause a denial of service.
This issue affects applications that use a programmatically computed or user-configurable limit value without validating it first.
Remediation
Install update from vendor's website.