Share
## https://sploitus.com/exploit?id=2FFD38D7-2996-5903-8944-C9F71ADF8B27
# CVE-2026-21440
Advanced detection-only PoC for CVE-2026-21440 affecting AdonisJS BodyParser. No exploitation included.



# CVE-2026-21440 โ€“ AdonisJS Advanced Detection PoC

##  Description

This project provides an **advanced detection-only Proof of Concept (PoC)** for **CVE-2026-21440**,  
a critical **Path Traversal / Arbitrary File Write** vulnerability affecting **@adonisjs/bodyparser** in AdonisJS applications.

โš ๏ธ **This tool DOES NOT exploit the vulnerability.**  
It is intended for **fingerprinting, research, and defensive security analysis only**.

---

##  About CVE-2026-21440

- **Affected Framework**: AdonisJS (Node.js)
- **Component**: `@adonisjs/bodyparser`
- **Vulnerability Type**: Path Traversal โ†’ Arbitrary File Write
- **Severity**: Critical (CVSS ~9.2)
- **Root Cause**: Unsafe handling of user-controlled filenames during file uploads

If exploited, this vulnerability may lead to:
- Arbitrary file write
- Application compromise
- Potential Remote Code Execution (RCE)

---

##  Purpose of This Tool

This PoC helps security researchers and defenders to:

- Identify **potential AdonisJS applications**
- Detect **possible file upload surfaces**
- Estimate the **likelihood** of CVE-2026-21440 exposure
- Perform **safe, non-intrusive detection**

---

##  What This PoC Does

โœ” Fingerprints AdonisJS indicators (headers, body, stack traces)  
โœ” Detects Node.js / AdonisJS patterns  
โœ” Probes common upload endpoints using **GET requests only**  
โœ” Calculates a **confidence score**  
โœ” Outputs a **risk level**: LOW / MEDIUM / HIGH  

---

##  What This PoC Does NOT Do

โŒ No file uploads  
โŒ No path traversal attempts  
โŒ No payloads  
โŒ No exploitation  
โŒ No bypass techniques  

---

##  Requirements

- Python 3.8+
- `requests` library

Install dependencies:

```bash
pip install requests





 Usage
python3 cve-2026-21440_detection.py https://target.com

Example Output
[!] Likelihood of CVE-2026-21440: HIGH
[i] Confidence Score: 7/10
[!] Target MAY be vulnerable
[!] Manual verification required


Author

Handle: @You_sse_f1

Role: Cybersecurity Researcher

X ; @You_sse_f1