CVE-2026-29793— NoSQL Injection via WebSocket id Parameter in MongoDB Adapter
Possible ATT&CK Techniques 1AI
T1190 · Exploit Public-Facing ApplicationGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-29793
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
NoSQL Injection via WebSocket id Parameter in MongoDB Adapter
Source: NVD (National Vulnerability Database)
Vulnerability Description
Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. From 5.0.0 to before 5.0.42, Socket.IO clients can send arbitrary JavaScript objects as the id argument to any service method (get, patch, update, remove). The transport layer performs no type checking on this argument. When the service uses the MongoDB adapter, these objects pass through getObjectId() and land directly in the MongoDB query as operators. Sending {$ne: null} as the id matches every document in the collection. This vulnerability is fixed in 5.0.42.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
数据查询逻辑中特殊元素的不当中和
Source: NVD (National Vulnerability Database)
Vulnerability Title
Feathers 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Feathers是Feathers开源的一个轻量级的 Web 框架。用于使用 TypeScript 或 JavaScript 创建 API 和实时应用程序。 Feathers 5.0.0版本至5.0.42之前版本存在安全漏洞,该漏洞源于传输层未对Socket.IO客户端发送的id参数进行类型检查,当使用MongoDB适配器时可能导致查询操作符注入。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| @feathersjs | mongodb | >= 5.0.0, < 5.0.42 | - |
II. Public POCs for CVE-2026-29793
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-29793
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-29793 (1)
IV. Related Vulnerabilities
Same weakness: CWE-943
- CVE-2026-40102
Plane: ORM Field Reference Injection via `segment` Parameter - CVE-2026-42156
Flowsint: Cypher query injection in node type on node creati - CVE-2026-42316
KQL injection via kusto.tables.topics.mapping in kafka-sink- - CVE-2026-33566
LogonTracer 安全漏洞 - CVE-2026-41327
Dgraph: Pre-Auth Full Database Exfiltration via DQL Injectio
V. Comments for CVE-2026-29793
No comments yet