PT-2026-2797 · Adonisjs · @Adonisjs/Lucid
Wodzen · Published 2026-01-13 · Updated 2026-01-13
CVE-2026-22814
CVSS v4.0: 8.2 (High)
Vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
@adonisjs/lucid versions prior to 21.8.2
@adonisjs/lucid versions prior to 22.0.0-next.6
Description
A Mass Assignment issue exists in @adonisjs/lucid, an SQL ORM for AdonisJS. A remote attacker who can influence data passed into Lucid model assignments may be able to overwrite the internal ORM state, potentially leading to logic bypasses and unauthorized record modification.
Recommendations
Update to @adonisjs/lucid version 21.8.2.
Update to @adonisjs/lucid version 22.0.0-next.6.
Affected Products
@Adonisjs/Lucid