Is CVE-2026-25762 actively exploited?

CVE-2026-25762 has no public evidence of in-the-wild exploitation as of 2026-03-17.

What is the CVSS score for CVE-2026-25762?

CVE-2026-25762 has a CVSS score of 7.5 (HIGH severity). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

How do I patch CVE-2026-25762?

Patch guidance is available from adonisjs security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2026-25762.

Fix CVE-2026-25762 - HIGH adonisjs bodyparser

Q: Which products are affected by CVE-2026-25762?

10 products: adonisjs bodyparser, adonisjs bodyparser, adonisjs bodyparser, adonisjs bodyparser, adonisjs bodyparser, and 5 more.

Description

AdonisJS is a TypeScript-first web framework. Prior to versions 10.1.3 and 11.0.0-next.9, a denial of service (DoS) vulnerability exists in the multipart file handling logic of @adonisjs/bodyparser. When processing file uploads, the multipart parser may accumulate an unbounded amount of data in memory while attempting to detect file types, potentially leading to excessive memory consumption and process termination. This issue has been patched in versions 10.1.3 and 11.0.0-next.9.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector: network
Complexity: low
Privileges: none
User Action: none
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: high
Weaknesses: CWE-400 CWE-770

Metadata

Primary Vendor: ADONISJS
Published: 2/6/2026
Last Modified: 3/17/2026
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

adonisjs : bodyparseradonisjs : bodyparseradonisjs : bodyparseradonisjs : bodyparseradonisjs : bodyparseradonisjs : bodyparseradonisjs : bodyparseradonisjs : bodyparseradonisjs : bodyparseradonisjs : bodyparser

Remediation Guidance

Executive Summary

Cite this page

CVE-2026-25762. CVEDatabase.com. Retrieved 1 May 2026. https://cvedatabase.com/cve/CVE-2026-25762

View on NIST NVD

CVE-2026-25762 vulnerability