216.73.217.98

CVE-2026-34220

· Published 31/03/2026 16:16 · Modified 01/04/2026 14:24

Labels: CVE-2026-34220 2026-03-31CVE-2026-34220CWE-89[email protected]

Essential information

Published
31/03/2026 16:16
Modified
01/04/2026 14:24
Author
Creator
CVSS
9.3 CRITICAL (v3) 9.3 CRITICAL (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to versions 6.6.10 and 7.0.6, there is a SQL injection vulnerability when specially crafted objects are interpreted as raw SQL query fragments. This issue has been patched in versions 6.6.10 and 7.0.6.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
mikroorm / mikroorm cpe:2.3:a:mikroorm:mikroorm:<6.6.10:*:*:*:*:*:*:*
mikroorm / mikroorm cpe:2.3:a:mikroorm:mikroorm:<7.0.6:*:*:*:*:*:*:*

References