Allocation of Resources Without Limits or Throttling in body-parser - CVE-2026-12590
Published: July 9, 2026
body-parser
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to allocation of resources without limits or throttling in the request body size enforcement logic when handling requests with an invalid limit option value. A remote attacker can send an oversized request body to cause a denial of service.
This issue affects applications that use a programmatically computed or user-configurable limit value without validating it first.