Impact
The vulnerability exists in the uploadPostHandler component of Andrei Marcu linx-server version 2.3.8. A malformed POST request can be sent to the upload endpoint, causing the server to consume excessive resources and ultimately become unresponsive. The flaw is a classic case of uncontrolled resource consumption (CWE‑400) and results in a denial of service impacting availability, potentially affecting all users interacting with the service. The CVSS score of 7.5 indicates a high impact, and because the flaw requires direct interaction with the server, the likely attack vector is via an external network POST request.
Affected Systems
This issue affects the Andrei Marcu linx-server software, specifically version 2.3.8. No other vendors or products are currently listed as affected. Administrators should verify whether their environment is running this component and assess any custom configurations that expose the upload endpoint.
Risk and Exploitability
The CVSS score of 7.5 classifies the vulnerability as high severity. The EPSS score is below 1%, indicating that the likelihood of exploitation in the wild is currently very low. The vulnerability is not listed in the CISA KEV catalog. Although the probability remains low, the impact on availability could be significant for services that rely on this endpoint, especially in high‑traffic environments. Attackers who can reach the upload endpoint over the network could trigger the denial of service by sending a crafted POST, so network exposure increases risk.
OpenCVE Enrichment