{"uuid": "6428ba37-e264-45c2-b231-c10600780afa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50879", "type": "seen", "source": "https://gist.github.com/pyuysig/807d92e6d8e7648d140d004f3b54b08b", "content": "# Vulnerability Report: CVE-2026-50879 - linx-server - Multipart upload parsed to disk before max size enforcement\n\n## Vulnerability Summary\nAndrei Marcu linx-server 2.3.8 contains a denial-of-service issue in multipart upload handling. A remote attacker can send an oversized multipart/form-data POST request to /upload/ so that the request body is parsed into temporary files before the application enforces its maxsize limit, leading to disk exhaustion.\n\n## Affected Product\n- **Vendor**: Andrei Marcu\n- **Product**: linx-server\n- **Version**: 2.3.8\n- **Vulnerable Component**: POST /upload/ multipart/form-data handling in uploadPostHandler\n\n## Vulnerability Details\n- **Vulnerability Type**: Resource Management Error\n- **Weakness**: CWE-400\n- **Attack Conditions**: Remote oversized multipart/form-data POST request to /upload/.\n\n## Report Body\n\n### Summary\nAndrei Marcu linx-server 2.3.8 contains a denial-of-service issue in multipart upload handling. A remote attacker can send an oversized multipart/form-data POST request to /upload/ so that the request body is parsed into temporary files before the application enforces its maxsize limit, leading to disk exhaustion.\n\n### Details\nThe upload handler allows multipart parsing to materialize request data into temporary files before applying the intended application maxsize restriction.\n\n### PoC\n1. Prepare an environment matching the affected product and version above.\n2. Trigger the vulnerable component under the attack conditions described for CVE-2026-50879.\n3. Confirm the security result: Oversized multipart requests create temporary files and consume disk before the handler rejects the request by configured size.\n\n### Impact\nRemote disk exhaustion and denial of service through oversized multipart upload requests.\n\n## Remediation\nEnforce request body limits before multipart parsing and configure the parser with strict maximum file and memory limits.\n\n## Credit\n- Discoverer(s): Yuming Zhang and Song Li of Zhejiang University\n\n## Notes\nThis public reference is intended to support the CVE record with concise, factual vulnerability details. It intentionally avoids a full exploit release.\n", "creation_timestamp": "2026-06-13T12:45:47.000000Z"}