A vulnerability classified as problematic has been found in multer up to 2.1.x/3.0.0-alpha.1 . This impacts the function Readable.pipe of the component Multipart Upload Handler . Performing a manipulation results in incomplete cleanup. This vulnerability is cataloged as CVE-2026-5038 . It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.