{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-26T07:47:45.281","vulnerabilities":[{"cve":{"id":"CVE-2026-25754","sourceIdentifier":"security-advisories@github.com","published":"2026-02-06T23:15:54.390","lastModified":"2026-06-17T10:25:10.517","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"AdonisJS is a TypeScript-first web framework. Prior to versions 10.1.3 and 11.0.0-next.9, a prototype pollution vulnerability in AdonisJS multipart form-data parsing may allow a remote attacker to manipulate object prototypes at runtime. This issue has been patched in versions 10.1.3 and 11.0.0-next.9."},{"lang":"es","value":"AdonisJS es un framework web con prioridad en TypeScript. Antes de las versiones 10.1.3 y 11.0.0-next.9, una vulnerabilidad de contaminación de prototipos en el análisis de datos de formulario multipart de AdonisJS podría permitir a un atacante remoto manipular prototipos de objetos en tiempo de ejecución. Este problema ha sido parcheado en las versiones 10.1.3 y 11.0.0-next.9."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"adonisjs","product":"core","versions":[{"version":"< 10.1.3","status":"affected"},{"version":"< 11.0.0-next.9","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-02-09T15:21:49.378875Z","id":"CVE-2026-25754","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1321"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adonisjs:bodyparser:*:*:*:*:*:node.js:*:*","versionEndExcluding":"10.1.3","matchCriteriaId":"A2D0EAB1-2749-484C-8CF3-C51E5E934279"},{"vulnerable":true,"criteria":"cpe:2.3:a:adonisjs:bodyparser:*:*:*:*:*:node.js:*:*","versionStartIncluding":"10.1.4","versionEndExcluding":"11.0.0","matchCriteriaId":"020CFEB2-5732-42CA-B05A-5BE722B7EC41"},{"vulnerable":true,"criteria":"cpe:2.3:a:adonisjs:bodyparser:11.0.0:next1:*:*:*:node.js:*:*","matchCriteriaId":"E7CB148B-B37C-4BAB-8F9A-B2E028FDE19A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adonisjs:bodyparser:11.0.0:next2:*:*:*:node.js:*:*","matchCriteriaId":"250E3E4D-B54A-4AD9-93C0-D26DE41B8CF8"},{"vulnerable":true,"criteria":"cpe:2.3:a:adonisjs:bodyparser:11.0.0:next3:*:*:*:node.js:*:*","matchCriteriaId":"2DFE6131-7D0C-4B69-B4C0-F77BA58E9F3F"},{"vulnerable":true,"criteria":"cpe:2.3:a:adonisjs:bodyparser:11.0.0:next4:*:*:*:node.js:*:*","matchCriteriaId":"99B68074-366C-4B96-909D-E49DFE3D240A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adonisjs:bodyparser:11.0.0:next5:*:*:*:node.js:*:*","matchCriteriaId":"349D208E-B74B-4BEE-9958-9E9FC7BB73BA"},{"vulnerable":true,"criteria":"cpe:2.3:a:adonisjs:bodyparser:11.0.0:next6:*:*:*:node.js:*:*","matchCriteriaId":"51559F52-A6DF-4CD4-A763-36AA17AFB0CB"},{"vulnerable":true,"criteria":"cpe:2.3:a:adonisjs:bodyparser:11.0.0:next7:*:*:*:node.js:*:*","matchCriteriaId":"FCDAA05D-1138-4C7B-9AA8-1627996390C5"},{"vulnerable":true,"criteria":"cpe:2.3:a:adonisjs:bodyparser:11.0.0:next8:*:*:*:node.js:*:*","matchCriteriaId":"0C3D4CD4-4DF6-440B-9D4D-E0E36273434A"}]}]}],"references":[{"url":"https://github.com/adonisjs/bodyparser/commit/40e1c71f958cffb74f6b91bed6630dca979062ed","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/adonisjs/bodyparser/releases/tag/v11.0.0-next.9","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/adonisjs/core/security/advisories/GHSA-f5x2-vj4h-vg4c","source":"security-advisories@github.com","tags":["Third Party Advisory"]}]}}]}