QwikSec

Security Database

CVE

CWE

Training

CVE-2026-34220

Published: Mar 31, 2026

Modified: Apr 2, 2026

PUBLISHED

Description

MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to versions 6.6.10 and 7.0.6, there is a SQL injection vulnerability when specially crafted objects are interpreted as raw SQL query fragments. This issue has been patched in versions 6.6.10 and 7.0.6.

Vendor	Product	Versions
mikro-orm	mikro-orm	affected `< 6.6.10` affected `>= 7.0.0-rc.0, < 7.0.6`

Weaknesses (CWE)

References

https://github.com/mikro-orm/mikro-orm/security/advisories/GHSA-gwhv-j974-6fxm

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.