Romain Lanz

1 exploit Active since Feb 2026
CVE-2026-25754 WRITEUP HIGH WRITEUP
AdonisJS bodyparser < 10.1.3 - Prototype Pollution via Multipart Form-Data Parsing
AdonisJS is a TypeScript-first web framework. Prior to versions 10.1.3 and 11.0.0-next.9, a prototype pollution vulnerability in AdonisJS multipart form-data parsing may allow a remote attacker to manipulate object prototypes at runtime. This issue has been patched in versions 10.1.3 and 11.0.0-next.9.
CVSS 7.2