A critical path traversal vulnerability has been discovered in AdonisJS’s multipart file handling, potentially allowing remote attackers to write arbitrary files to server locations outside the intended upload directory. The vulnerability, tracked as CVE-2026-21440, affects @adonisjs/bodyparser versions through 10.1.1 and all 11.x prerelease versions prior to 11.0.0-next.6, with patches now available in versions 10.1.2 and […] The post Critical AdonisJS Vulnerability Allows Remote Attackers to Write Files on Server appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
First seen on gbhackers.com
Jump to article: gbhackers.com/adonisjs-vulnerability/
