VYPR
High severityNVD Advisory· Published Feb 6, 2026· Updated Feb 9, 2026

AdonisJS multipart body parsing has Prototype Pollution issue

CVE-2026-25754

Description

AdonisJS is a TypeScript-first web framework. Prior to versions 10.1.3 and 11.0.0-next.9, a prototype pollution vulnerability in AdonisJS multipart form-data parsing may allow a remote attacker to manipulate object prototypes at runtime. This issue has been patched in versions 10.1.3 and 11.0.0-next.9.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
@adonisjs/bodyparsernpm
< 10.1.310.1.3
@adonisjs/bodyparsernpm
>= 11.0.0-next.0, < 11.0.0-next.911.0.0-next.9

Affected products

2

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.