Share
## https://sploitus.com/exploit?id=2FFD38D7-2996-5903-8944-C9F71ADF8B27
# CVE-2026-21440
Advanced detection-only PoC for CVE-2026-21440 affecting AdonisJS BodyParser. No exploitation included.
# CVE-2026-21440 โ AdonisJS Advanced Detection PoC
## Description
This project provides an **advanced detection-only Proof of Concept (PoC)** for **CVE-2026-21440**,
a critical **Path Traversal / Arbitrary File Write** vulnerability affecting **@adonisjs/bodyparser** in AdonisJS applications.
โ ๏ธ **This tool DOES NOT exploit the vulnerability.**
It is intended for **fingerprinting, research, and defensive security analysis only**.
---
## About CVE-2026-21440
- **Affected Framework**: AdonisJS (Node.js)
- **Component**: `@adonisjs/bodyparser`
- **Vulnerability Type**: Path Traversal โ Arbitrary File Write
- **Severity**: Critical (CVSS ~9.2)
- **Root Cause**: Unsafe handling of user-controlled filenames during file uploads
If exploited, this vulnerability may lead to:
- Arbitrary file write
- Application compromise
- Potential Remote Code Execution (RCE)
---
## Purpose of This Tool
This PoC helps security researchers and defenders to:
- Identify **potential AdonisJS applications**
- Detect **possible file upload surfaces**
- Estimate the **likelihood** of CVE-2026-21440 exposure
- Perform **safe, non-intrusive detection**
---
## What This PoC Does
โ Fingerprints AdonisJS indicators (headers, body, stack traces)
โ Detects Node.js / AdonisJS patterns
โ Probes common upload endpoints using **GET requests only**
โ Calculates a **confidence score**
โ Outputs a **risk level**: LOW / MEDIUM / HIGH
---
## What This PoC Does NOT Do
โ No file uploads
โ No path traversal attempts
โ No payloads
โ No exploitation
โ No bypass techniques
---
## Requirements
- Python 3.8+
- `requests` library
Install dependencies:
```bash
pip install requests
Usage
python3 cve-2026-21440_detection.py https://target.com
Example Output
[!] Likelihood of CVE-2026-21440: HIGH
[i] Confidence Score: 7/10
[!] Target MAY be vulnerable
[!] Manual verification required
Author
Handle: @You_sse_f1
Role: Cybersecurity Researcher
X ; @You_sse_f1