Denial of Service Vulnerability in Gleam-Wisp Product by Vendor Gleam
CVE-2026-32145

8.7HIGH

Key Information:

Vendor: Gleam-wisp
Status: Wisp
Vendor: CVE Published:; 2 April 2026

What is CVE-2026-32145?

The Gleam-Wisp product is affected by a vulnerability that allows unauthenticated attackers to exploit multipart form body parsing. The multipart_body function fails to enforce limits set for max_body_size and max_files_size, allowing submission of excessive data in a single HTTP request. This flaw can lead to exhaustion of server memory or disk space, rendering the service unavailable due to the inability to process additional requests. This issue is present in versions of wisp from 0.2.0 up to, but not including, 2.2.2. Immediate action should be taken to mitigate potential disruptions.

Affected Version(s)

wisp 0.2.0 < 2.2.2

wisp d8e722e22ccb42bda9d0b6248658d37ab4e9b376 < 7a978748e12ab29db232c222254465890e1a4a90

References

https://github.com/gleam-wisp/wisp/security/advisories/GH...

vendor-advisoryrelated

https://cna.erlef.org/cves/CVE-2026-32145.html

https://osv.dev/vulnerability/EEF-CVE-2026-32145

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 2, 2026
Vulnerability Reserved
Mar 10, 2026

Credit

John Downey

Louis Pilfold

CVE-2026-32145 Data

JSON

Gleam-wisp

What is CVE-2026-32145?

Affected Version(s)

References

CVSS V4

Timeline

Credit