Security Advisory

CVE-2026-25754

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-02-06 22:48:38

Last updated 2026-02-09 15:26:12

Assigner GitHub_M

State PUBLISHED

Description

AdonisJS is a TypeScript-first web framework. Prior to versions 10.1.3 and 11.0.0-next.9, a prototype pollution vulnerability in AdonisJS multipart form-data parsing may allow a remote attacker to manipulate object prototypes at runtime. This issue has been patched in versions 10.1.3 and 11.0.0-next.9.

← Browse all CVEs View on cve.org ↗