Description
An issue in the uploadPostHandler component of Andrei Marcu linx-server v2.3.8 allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
Published: 2026-06-15
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability exists in the uploadPostHandler component of Andrei Marcu linx-server version 2.3.8. A malformed POST request can be sent to the upload endpoint, causing the server to consume excessive resources and ultimately become unresponsive. The flaw is a classic case of uncontrolled resource consumption (CWE‑400) and results in a denial of service impacting availability, potentially affecting all users interacting with the service. The CVSS score of 7.5 indicates a high impact, and because the flaw requires direct interaction with the server, the likely attack vector is via an external network POST request.

Affected Systems

This issue affects the Andrei Marcu linx-server software, specifically version 2.3.8. No other vendors or products are currently listed as affected. Administrators should verify whether their environment is running this component and assess any custom configurations that expose the upload endpoint.

Risk and Exploitability

The CVSS score of 7.5 classifies the vulnerability as high severity. The EPSS score is below 1%, indicating that the likelihood of exploitation in the wild is currently very low. The vulnerability is not listed in the CISA KEV catalog. Although the probability remains low, the impact on availability could be significant for services that rely on this endpoint, especially in high‑traffic environments. Attackers who can reach the upload endpoint over the network could trigger the denial of service by sending a crafted POST, so network exposure increases risk.

Generated by OpenCVE AI on June 18, 2026 at 01:34 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest patch for Andrei Marcu linx‑server or upgrade to a version where the uploadPostHandler flaw is fixed.
  • Implement rate limiting or input validation on the uploadPostHandler POST endpoint to prevent excessive resource consumption by single requests.
  • Deploy a Web Application Firewall or inbound firewall rule to block malformed or oversized POST requests targeting the upload endpoint.
  • Monitor server logs for repeated POST patterns and trigger alerts on high‑frequency upload attempts.

Generated by OpenCVE AI on June 18, 2026 at 01:34 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Linx-server
Linx-server linx-server
Vendors & Products Linx-server
Linx-server linx-server

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Title Denial of Service via Crafted POST Request to Andrei Marcu Linx‑Server v2.3.8

Wed, 17 Jun 2026 05:15:00 +0000

Type Values Removed Values Added
Title Denial of Service via Crafted POST Request to Andrei Marcu Linx‑Server v2.3.8

Tue, 16 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-400
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 15 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Description An issue in the uploadPostHandler component of Andrei Marcu linx-server v2.3.8 allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
References

Subscriptions

Linx-server Linx-server
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-16T13:02:33.138Z

Reserved: 2026-06-07T00:00:00.000Z

Link: CVE-2026-50879

cve-icon Vulnrichment

Updated: 2026-06-16T13:00:04.938Z

cve-icon NVD

Status : Deferred

Published: 2026-06-15T20:16:30.827

Modified: 2026-06-16T15:35:16.600

Link: CVE-2026-50879

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T09:46:18Z

Weaknesses
  • CWE-400

    Uncontrolled Resource Consumption