CVE-2026-25762

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions AdonisJS versions prior to 10.1.3 AdonisJS versions prior to 11.0.0-next.9

Description A denial of service (DoS) issue exists in the multipart file handling logic of the @adonisjs/bodyparser package. The multipart parser may accumulate an unbounded amount of data in memory when attempting to detect file types, potentially leading to excessive memory consumption and process termination.

Recommendations Update to AdonisJS version 10.1.3 or later. Update to AdonisJS version 11.0.0-next.9 or later.

Exploit

Fix

DoS

Allocation of Resources Without Limits

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-770CWE-400

Related Identifiers

CVE-2026-25762

GHSA-XX9G-FH25-4Q64

Affected Products

@Adonisjs/Bodyparser

Adonisjs

CVE-2026-25762

Weakness Enumeration

Related Identifiers

Affected Products

References · 12