Description

AdonisJS is a TypeScript-first web framework. A Path Traversal vulnerability in AdonisJS multipart file handling may allow a remote attacker to write arbitrary files to arbitrary locations on the server filesystem. This impacts @adonisjs/bodyparser through version 10.1.1 and 11.x prerelease versions prior to 11.0.0-next.6. This issue has been patched in @adonisjs/bodyparser versions 10.1.2 and 11.0.0-next.6.

INFO

Published Date :

2026-01-02T19:02:18.393Z

Last Modified :

2026-01-05T20:37:47.577Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-21440 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-21440.

URL Resource
https://github.com/adonisjs/bodyparser/commit/143a16f35602be8561215611582211dec280cae6 cve-icon cve-icon
https://github.com/adonisjs/bodyparser/commit/6795c0e3fa824ae275bbd992aae60609e96f0f03 cve-icon cve-icon
https://github.com/adonisjs/bodyparser/releases/tag/v10.1.2 cve-icon cve-icon
https://github.com/adonisjs/bodyparser/releases/tag/v11.0.0-next.6 cve-icon cve-icon
https://github.com/adonisjs/core/security/advisories/GHSA-gvq6-hvvp-h34h cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability