Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Lifecycle Timeline
3Blast Radius
ecosystem impact- 100 npm packages depend on @mikro-orm/knex (19 direct, 82 indirect)
- 11 npm packages depend on @mikro-orm/sql (8 direct, 3 indirect)
Ecosystem-wide dependent count for version 6.6.14 and other introduced versions.
DescriptionGitHub Advisory
Summary
MikroORM's identifier-quoting helper (Platform.quoteIdentifier and the postgres/mssql overrides) and its JSON-path emitters (Platform.getSearchJsonPropertyKey, quoteJsonKey) did not properly escape characters that delimit the SQL identifier or string-literal context they emit into. When application code passes attacker-influenced strings to public ORM APIs that expect an identifier or a JSON-property filter, an attacker can break out of the quoted context and inject arbitrary SQL.
Affected APIs
The vulnerability is reachable when application code passes an attacker-influenced string to any of the following documented APIs:
- Multi-tenant
schemaoption -em.fork({ schema }),qb.withSchema(name),wrap(entity).setSchema(name),em.create(Cls, data, { schema }). The schema name is concatenated into the SQL identifier and never had its dialect quote character escaped. em.find/qb.whereJSON-property filters -em.find(Entity, { jsonCol: { [userKey]: value } }). The user-supplied JSON sub-keys cannot be validated against any metadata (JSON columns are schemaless by design), and were spliced into the SQL string literal of the JSON path expression without escaping.qb.where/qb.orderBy/qb.groupBy/qb.having/qb.selectkeys - keys containing.or::bypassed the structured-where metadata validator inCriteriaNode, then flowed through the same brokenquoteIdentifier. Apps that forwarded raw filter keys from request input were already broken on authorization grounds (e.g.{ isAdmin: true }); the SQL injection here is a defence-in-depth failure on top of that.
The vulnerability does not affect documented escape-hatch APIs (raw(), the sql tagged template, qb.raw(), em.raw()) - those are documented as accepting raw SQL and are the application's responsibility to sanitize.
Impact
- Confidentiality - read from any table/schema the database user has access to (cross-tenant data leak in multi-tenant deployments).
- Integrity - on dialects supporting multi-statement queries (MSSQL, MySQL with multi-statement enabled), execute additional arbitrary SQL statements (data modification, in-database privilege escalation).
- Availability - DROP/TRUNCATE via injected statements where the database user has the privilege.
Affected dialects
All SQL dialects supported by MikroORM. The identifier-quoting bug exists in every dialect's quoteIdentifier (the dialect's own quote character - backtick, double quote, or right bracket - was not doubled when embedded in the identifier). The JSON-path bug exists in all dialects' getSearchJsonPropertyKey/quoteJsonKey.
MongoDB driver is not affected (no SQL).
Patches
- v7: upgrade to 7.0.14 or later.
- v6: upgrade to 6.6.14 or later.
Patches:
- Identifier quoting: #7653 (master) / #7654 (6.x)
- JSON-path keys: #7656 (master) / #7657 (6.x)
Workarounds
If users cannot upgrade immediately:
- For multi-tenant apps using
em.fork({ schema })/wrap().setSchema()/qb.withSchema(): validate the schema name against a strict allowlist (e.g.^[A-Za-z_][\w$]*$) before passing it to MikroORM. - For applications that pass
where/orderByfilters from request input: validate every key against the entity's known properties before constructing the filter; do not pass keys containing.or::from user input. - For applications that allow filtering on JSON columns from request input: validate every JSON sub-key against an allowlist (or against
^[a-zA-Z_][\w]*$) before passing it toem.find.
Credits
Reported and patched by Martin Adámek (project maintainer) during an internal security review.
AnalysisAI
SQL injection in MikroORM versions ≤7.0.13 (v7) and ≤6.6.13 (v6) allows authenticated attackers to execute arbitrary SQL queries by injecting malicious characters into schema names, JSON property filters, or query builder keys. The vulnerability stems from improper escaping of dialect-specific quote characters in identifier-quoting and JSON-path functions. Multi-tenant applications are at heightened risk of cross-tenant data leakage. Vendor-released patches are available: upgrade to 7.0.14 (v7) or 6.6.14 (v6). No public exploit identified at time of analysis, though the vulnerability was discovered during internal security review by the project maintainer.
Technical ContextAI
MikroORM is a TypeScript ORM for Node.js supporting multiple SQL databases (PostgreSQL, MySQL, MariaDB, MSSQL, SQLite). The vulnerability exists in the Platform.quoteIdentifier method and its dialect-specific overrides (PostgreSqlPlatform, MsSqlPlatform) which wrap SQL identifiers in dialect-specific quote characters (double-quotes for PostgreSQL, backticks for MySQL/MariaDB/SQLite, brackets for MSSQL). The code failed to escape embedded quote characters before concatenation-for example, a PostgreSQL identifier containing a double-quote character was not doubled per SQL standard, allowing an attacker to prematurely close the quoted context and inject arbitrary SQL. A parallel flaw existed in getSearchJsonPropertyKey/quoteJsonKey functions used for JSON path expressions in JSONB/JSON column queries. This is a classic CWE-89 (SQL Injection) failure where structured API parameters (schema names, JSON keys) were treated as identifiers but not sanitized according to SQL string-literal and identifier-quoting rules. The patches apply .replaceAll(quote, quote+quote) before wrapping identifiers, implementing proper SQL escaping per ANSI SQL-92 identifier delimited form rules.
RemediationAI
Upgrade to patched versions immediately: MikroORM v7 users upgrade to version 7.0.14 or later, v6 users upgrade to version 6.6.14 or later. Patches are available via npm (npm update @mikro-orm/sql @mikro-orm/knex) and apply fixes from GitHub pull requests #7654 (identifier quoting) and #7657 (JSON path keys) for v6, with corresponding master branch PRs #7653 and #7656 for v7. If immediate upgrade is not feasible, implement these compensating controls with noted trade-offs: For multi-tenant schema switching, validate schema names against a strict allowlist regex (^[A-Za-z_][\w$]*$) before passing to em.fork/qb.withSchema/wrap.setSchema-this prevents legitimate schema names containing special characters and may break existing functionality if schema names violate this pattern. For query builder usage with user input, validate all where/orderBy/groupBy/having/select keys against entity metadata properties before constructing filters, rejecting any keys containing '.' or '::' characters-this blocks navigation properties and type-casting operators, potentially breaking legitimate queries using these features. For JSON column filtering, validate all JSON sub-keys against an allowlist or the same strict regex before passing to em.find-this restricts JSON property names to ASCII alphanumeric identifiers, which may be insufficient for applications using Unicode or special characters in JSON structures. These workarounds reduce attack surface but impose functional limitations; vendor patching is strongly preferred. Verify patch application by reviewing node_modules/@mikro-orm/*/src/platforms/Platform.ts for the .replaceAll(quote, quote+quote) escaping logic introduced in the fix commits. Advisory URLs: https://github.com/mikro-orm/mikro-orm/security/advisories/GHSA-cfw5-68c4-ffqp, https://github.com/advisories/GHSA-cfw5-68c4-ffqp.
More in PostgreSQL
View allPostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() improperl
An issue was discovered in Appsmith before 1.52. Rated critical severity (CVSS 9.8), this vulnerability is remotely expl
Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows re
Unauthenticated arbitrary file write in Splunk Enterprise (below 10.2.4 and 10.0.7) and Splunk Cloud Platform (below 10.
PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to incorrect authentication flaw allow
The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP through 5.6.7 does not validate t
A vulnerability in the h2oai/h2o-3 REST API versions 3.46.0.4 allows unauthenticated remote attackers to execute arbitra
In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pg_execute_serve
## Summary An unauthenticated SQL injection vulnerability exists in the Vendure Shop API. A user-controlled query strin
Parse Server is an open source http web server backend. Rated critical severity (CVSS 10.0), this vulnerability is remot
Hard-coded default PostgreSQL credentials shipped in the docker-compose.yaml of langgenius Dify through version 1.5.1 al
A vulnerability in the FinanceChatLlamaPack of the run-llama/llama_index repository, versions up to v0.12.3, allows for
Same weakness CWE-89 – SQL Injection
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-31893
GHSA-cfw5-68c4-ffqp