
CVE-2026-32630: Denial of Service via Data Amplification in file-type npm Package
Vulnerability ID: CVE-2026-32630
CVSS Score: 5.3
Published: 2026-03-13

The file-type npm package, versions 20.0.0 through 21.3.1, contains a CWE-409 (Improper Handling of Highly Compressed Data) vulnerability. The package fails to consistently apply memory allocation limits when decompressing internal ZIP file entries, allowing an unauthenticated remote attacker to trigger a Denial of Service (DoS) via a crafted, highly compressed ZIP archive.

TL;DR

file-type versions 20.0.0 to 21.3.1 are vulnerable to a ZIP bomb attack. Bypassed decompression limits for known-size inputs lead to massive memory allocation when processing crafted ZIP entries, resulting in an Out-of-Memory (OOM) process crash.

⚠️ Exploit Status: POC

Technical Details

CVE ID: CVE-2026-32630
CVSS v3.1: 5.3
Attack Vector: Network
Impact: Denial of Service (OOM)
CWE ID: CWE-409
CISA KEV Status: Not Listed

Affected Systems

Node.js server a
Continue reading on Dev.to
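The TL;DR above attributes the crash to a decompression limit that was skipped for known-size inputs. As an added example (not code from file-type or from the advisory), the following Node.js sketch shows the general mitigation: zlib enforces the output cap during inflation, and the size declared in the archive header is treated as untrusted. The function names, the 1 MiB cap and the sample buffers are assumptions constructed for illustration.

```javascript
const zlib = require('node:zlib');

// Assumed per-entry output budget; pick one that fits your own service.
const MAX_ENTRY_BYTES = 1024 * 1024;

// Inflate one raw-deflate ZIP entry under a hard output cap.
// declaredSize comes from the archive header, so it is attacker-controlled:
// it can cause a rejection, but it never raises or disables the cap.
function inflateEntryBounded(compressed, declaredSize, cap = MAX_ENTRY_BYTES) {
  if (!Number.isInteger(declaredSize) || declaredSize < 0) {
    return { ok: false, reason: 'invalid-declared-size' };
  }
  if (declaredSize > cap) {
    return { ok: false, reason: 'declared-size-over-cap' };
  }
  try {
    // maxOutputLength makes zlib abort instead of growing the output buffer,
    // so a header that understates the real size cannot exhaust memory.
    const data = zlib.inflateRawSync(compressed, { maxOutputLength: cap });
    if (data.length !== declaredSize) {
      return { ok: false, reason: 'size-mismatch' };
    }
    return { ok: true, data };
  } catch (err) {
    if (err.code === 'ERR_BUFFER_TOO_LARGE') {
      return { ok: false, reason: 'output-over-cap' };
    }
    return { ok: false, reason: 'corrupt-stream' };
  }
}

// Constructed sample inputs: a tiny honest entry and 8 MiB of zero bytes,
// which deflate compresses to a few kilobytes.
function demo() {
  const honest = zlib.deflateRawSync(Buffer.from('hello'));
  const amplified = zlib.deflateRawSync(Buffer.alloc(8 * 1024 * 1024));
  return {
    honest: inflateEntryBounded(honest, 5).ok,
    wrongSize: inflateEntryBounded(honest, 4).reason,
    understatedHeader: inflateEntryBounded(amplified, 5).reason,
    oversizedHeader: inflateEntryBounded(amplified, 8 * 1024 * 1024).reason,
  };
}

console.log(demo());
```

The cap applies on every path, whether or not the caller knows the input size up front, which is the property the advisory says was missing.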




