CVE-2026-21440 – AdonisJS Path Traversal in Multipart File Handling

CVE ID : CVE-2026-21440

Published : Jan. 2, 2026, 7:15 p.m. | 1 hour, 9 minutes ago

Description : AdonisJS is a TypeScript-first web framework. A Path Traversal vulnerability in AdonisJS multipart file handling may allow a remote attacker to write arbitrary files to arbitrary locations on the server filesystem. This impacts @adonisjs/bodyparser through version 10.1.1 and 11.x prerelease versions prior to 11.0.0-next.6. This issue has been patched in @adonisjs/bodyparser versions 10.1.2 and 11.0.0-next.6.

Severity: 9.2 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2025-64123 – Nuvation Energy nCloud Client-to-Client Communication

CVE-2025-64122 – Nuvation Energy Multi-Stack Controller Private Key Stored on Device

CVE-2025-64121 – Nuvation Energy Multi-Stack Controller Authentication Bypass

CVE-2025-64120 – Nuvation Energy Multi-Stack Controller OS Command Injection