Vulnerability in Adonisjs Lucid

CVE-2026-22814

@adonisjs/lucid is an SQL ORM for AdonisJS built on top of Knex. Prior to 21.8.2 and 22.0.0-next.6, there is a Mass Assignment vulnerability in AdonisJS Lucid which may allow a remote attacker who can influence data that is passed into Luc…

Vulnerability class: Mass Assignment

EPSS: 0.005 (37.4th percentile) — read the EPSS interpretation.

Affected products

  • Adonisjs Lucid — versions < 21.8.2, >= 22.0.0-next.0, < 22.0.0-next.6

Weakness classification (CWE)

References