SB2026070953 - Allocation of Resources Without Limits or Throttling in body-parser



SB2026070953 - Allocation of Resources Without Limits or Throttling in body-parser

Published: July 9, 2026

Security Bulletin ID SB2026070953
CSH Severity
Low
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Partial DoS

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2026-12590)

CWE-ID: CWE-770 - Allocation of Resources Without Limits or Throttling

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to allocation of resources without limits or throttling in the request body size enforcement logic when handling requests with an invalid limit option value. A remote attacker can send an oversized request body to cause a denial of service.

This issue affects applications that use a programmatically computed or user-configurable limit value without validating it first.


Remediation

Install update from vendor's website.