Users of the "@adonisjs/bodyparser" npm package are being advised to update to the latest version following the disclosure of a critical security vulnerability that, if successfully exploited, could allow a remote attacker to write arbitrary files on the server.
Tracked as CVE-2026-21440 (CVSS score: 9.2), the flaw has been described as a path traversal issue affecting the AdonisJS multipart



Source: TheHackerNews
Source Link: https://thehackernews.com/2026/01/critical-adonisjs-bodyparser-flaw-cvss.html