NextGuard
UNKNOWNCVE-2026-34220

MikroORM is vulnerable to SQL Injection via specially crafted object

Platform

nodejs

Component

mikro-orm

Fixed in

7.0.6

View on NVD

MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to versions 6.6.10 and 7.0.6, there is a SQL injection vulnerability when specially crafted objects are interpreted as raw SQL query fragments. This issue has been patched in versions 6.6.10 and 7.0.6.

How to fix

Actualice MikroORM a la versión 6.6.10 o superior, o a la versión 7.0.6 o superior. Esto corrige la vulnerabilidad de inyección SQL que permite la ejecución de consultas SQL no autorizadas a través de objetos especialmente diseñados. La actualización previene la explotación de esta vulnerabilidad.

Monitor your dependencies automatically

Get notified when new vulnerabilities affect your projects. Free forever.

Start free