Skip to main content

AdonisJS CVE-2026-21440

Path Traversal (CWE-22)
2026-01-02 security-advisories@github.com GHSA-gvq6-hvvp-h34h

Lifecycle Timeline

3
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
CVE Published
Jan 02, 2026 - 19:15 nvd
N/A

DescriptionCVE.org

AdonisJS is a TypeScript-first web framework. A Path Traversal vulnerability in AdonisJS multipart file handling may allow a remote attacker to write arbitrary files to arbitrary locations on the server filesystem. This impacts @adonisjs/bodyparser through version 10.1.1 and 11.x prerelease versions prior to 11.0.0-next.6. This issue has been patched in @adonisjs/bodyparser versions 10.1.2 and 11.0.0-next.6.

AnalysisAI

AdonisJS is a TypeScript-first web framework. A Path Traversal vulnerability in AdonisJS multipart file handling may allow a remote attacker to write arbitrary files to arbitrary locations on the server filesystem.

Technical ContextAI

Classified as CWE-22 (Path Traversal). Affects adonisjs/bodyparser. AdonisJS is a TypeScript-first web framework. A Path Traversal vulnerability in AdonisJS multipart file handling may allow a remote attacker to write arbitrary files to arbitrary locations on the server filesystem. This impacts @adonisjs/bodyparser through version 10.1.1 and 11.x prerelease versions prior to 11.0.0-next.6. This issue has been patched in @adonisjs/bodyparser versions 10.1.2 and 11.0.0-next.6.

Affected ProductsAI

Product: adonisjs/bodyparser. Versions: up to 10.1.1.

RemediationAI

Monitor vendor advisories for a patch. Validate and sanitize file path inputs. Use allowlists.

Share

CVE-2026-21440 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy