Vulnerability in @Feathersjs Mongodb

CVE-2026-29793

Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. From 5.0.0 to before 5.0.42, Socket.IO clients can send arbitrary JavaScript objects as the id argument to any service method (get…

EPSS: 0.000 (7.0th percentile) — read the EPSS interpretation.

Affected products

@Feathersjs Mongodb — versions >= 5.0.0, < 5.0.42

Weakness classification (CWE)

CWE-943 — Improper Neutralization of Special Elements in Data Query Logic

References

https://github.com/feathersjs/feathers/security/advisories/GHSA-p9xr-7p9p-gpqx (x_refsource_CONFIRM)