MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to @mikro-orm/knex 6.6.14 and @mikro-orm/sql 7.0.14, MikroORM's identifier-quoting helper (Platform.quoteIdentifier and the postgres/mssql overrides) and its JSON-path emitters (Platform.getSearchJsonPropertyKey, quoteJsonKey) did not properly escape characters that delimit the SQL identifier or string-literal context they emit into. When application code passes attacker-influenced strings to public ORM APIs that expect an identifier or a JSON-property filter, an attacker can break out of the quoted context and inject arbitrary SQL. This vulnerability is fixed in @mikro-orm/knex 6.6.14 and @mikro-orm/sql 7.0.14.
PUBLISHED5.2CWE-89
MikroORM: SQL injection via runtime-controlled identifiers and JSON-path keys
Problem type
Affected products
mikro-orm
mikro-orm
>= 7.0.0-rc.0, < 7.0.14 - AFFECTED
< 6.6.14 - AFFECTED
@mikro-orm
knex
< 6.6.14 - AFFECTED
sql
< 7.0.14 - AFFECTED
References
https://github.com/mikro-orm/mikro-orm/security/advisories/GHSA-cfw5-68c4-ffqp
https://github.com/mikro-orm/mikro-orm/security/advisories/GHSA-cfw5-68c4-ffqp
https://github.com/mikro-orm/mikro-orm/pull/7653
https://github.com/mikro-orm/mikro-orm/pull/7653
https://github.com/mikro-orm/mikro-orm/pull/7654
https://github.com/mikro-orm/mikro-orm/pull/7654
https://github.com/mikro-orm/mikro-orm/pull/7656
https://github.com/mikro-orm/mikro-orm/pull/7656
https://github.com/mikro-orm/mikro-orm/pull/7657
https://github.com/mikro-orm/mikro-orm/pull/7657
GitHub Security Advisories
GHSA-cfw5-68c4-ffqp
MikroORM has SQL injection via runtime-controlled identifiers and JSON-path keys
https://github.com/advisories/GHSA-cfw5-68c4-ffqpSummary
MikroORM's identifier-quoting helper (Platform.quoteIdentifier and the postgres/mssql overrides) and its JSON-path emitters (Platform.getSearchJsonPropertyKey, quoteJsonKey) did not properly escape characters that delimit the SQL identifier or string-literal context they emit into. When application code passes attacker-influenced strings to public ORM APIs that expect an identifier or a JSON-property filter, an attacker can break out of the quoted context and inject arbitrary SQL.
Affected APIs
The vulnerability is reachable when application code passes an attacker-influenced string to any of the following documented APIs:
- Multi-tenant
schemaoption —em.fork({ schema }),qb.withSchema(name),wrap(entity).setSchema(name),em.create(Cls, data, { schema }). The schema name is concatenated into the SQL identifier and never had its dialect quote character escaped. em.find/qb.whereJSON-property filters —em.find(Entity, { jsonCol: { [userKey]: value } }). The user-supplied JSON sub-keys cannot be validated against any metadata (JSON columns are schemaless by design), and were spliced into the SQL string literal of the JSON path expression without escaping.qb.where/qb.orderBy/qb.groupBy/qb.having/qb.selectkeys — keys containing.or::bypassed the structured-where metadata validator inCriteriaNode, then flowed through the same brokenquoteIdentifier. Apps that forwarded raw filter keys from request input were already broken on authorization grounds (e.g.{ isAdmin: true }); the SQL injection here is a defence-in-depth failure on top of that.
The vulnerability does not affect documented escape-hatch APIs (raw(), the sql tagged template, qb.raw(), em.raw()) — those are documented as accepting raw SQL and are the application's responsibility to sanitize.
Impact
- Confidentiality — read from any table/schema the database user has access to (cross-tenant data leak in multi-tenant deployments).
- Integrity — on dialects supporting multi-statement queries (MSSQL, MySQL with multi-statement enabled), execute additional arbitrary SQL statements (data modification, in-database privilege escalation).
- Availability — DROP/TRUNCATE via injected statements where the database user has the privilege.
Affected dialects
All SQL dialects supported by MikroORM. The identifier-quoting bug exists in every dialect's quoteIdentifier (the dialect's own quote character — backtick, double quote, or right bracket — was not doubled when embedded in the identifier). The JSON-path bug exists in all dialects' getSearchJsonPropertyKey/quoteJsonKey.
MongoDB driver is not affected (no SQL).
Patches
- v7: upgrade to 7.0.14 or later.
- v6: upgrade to 6.6.14 or later.
Patches:
- Identifier quoting: #7653 (master) / #7654 (6.x)
- JSON-path keys: #7656 (master) / #7657 (6.x)
Workarounds
If users cannot upgrade immediately:
- For multi-tenant apps using
em.fork({ schema })/wrap().setSchema()/qb.withSchema(): validate the schema name against a strict allowlist (e.g.^[A-Za-z_][\w$]*$) before passing it to MikroORM. - For applications that pass
where/orderByfilters from request input: validate every key against the entity's known properties before constructing the filter; do not pass keys containing.or::from user input. - For applications that allow filtering on JSON columns from request input: validate every JSON sub-key against an allowlist (or against
^[a-zA-Z_][\w]*$) before passing it toem.find.
Credits
Reported and patched by Martin Adámek (project maintainer) during an internal security review.
JSON source
https://cveawg.mitre.org/api/cve/CVE-2026-44680Click to expand
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2026-44680",
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"dateUpdated": "2026-05-26T17:40:52.485Z",
"dateReserved": "2026-05-07T16:20:08.660Z",
"datePublished": "2026-05-26T16:49:47.987Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M",
"dateUpdated": "2026-05-26T16:49:47.987Z"
},
"title": "MikroORM: SQL injection via runtime-controlled identifiers and JSON-path keys",
"descriptions": [
{
"lang": "en",
"value": "MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to @mikro-orm/knex 6.6.14 and @mikro-orm/sql 7.0.14, MikroORM's identifier-quoting helper (Platform.quoteIdentifier and the postgres/mssql overrides) and its JSON-path emitters (Platform.getSearchJsonPropertyKey, quoteJsonKey) did not properly escape characters that delimit the SQL identifier or string-literal context they emit into. When application code passes attacker-influenced strings to public ORM APIs that expect an identifier or a JSON-property filter, an attacker can break out of the quoted context and inject arbitrary SQL. This vulnerability is fixed in @mikro-orm/knex 6.6.14 and @mikro-orm/sql 7.0.14."
}
],
"affected": [
{
"vendor": "mikro-orm",
"product": "mikro-orm",
"versions": [
{
"version": ">= 7.0.0-rc.0, < 7.0.14",
"status": "affected"
},
{
"version": "< 6.6.14",
"status": "affected"
}
]
},
{
"vendor": "@mikro-orm",
"product": "knex",
"versions": [
{
"version": "< 6.6.14",
"status": "affected"
}
]
},
{
"vendor": "@mikro-orm",
"product": "sql",
"versions": [
{
"version": "< 7.0.14",
"status": "affected"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"cweId": "CWE-89",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://github.com/mikro-orm/mikro-orm/security/advisories/GHSA-cfw5-68c4-ffqp",
"name": "https://github.com/mikro-orm/mikro-orm/security/advisories/GHSA-cfw5-68c4-ffqp",
"tags": [
"x_refsource_CONFIRM"
]
},
{
"url": "https://github.com/mikro-orm/mikro-orm/pull/7653",
"name": "https://github.com/mikro-orm/mikro-orm/pull/7653",
"tags": [
"x_refsource_MISC"
]
},
{
"url": "https://github.com/mikro-orm/mikro-orm/pull/7654",
"name": "https://github.com/mikro-orm/mikro-orm/pull/7654",
"tags": [
"x_refsource_MISC"
]
},
{
"url": "https://github.com/mikro-orm/mikro-orm/pull/7656",
"name": "https://github.com/mikro-orm/mikro-orm/pull/7656",
"tags": [
"x_refsource_MISC"
]
},
{
"url": "https://github.com/mikro-orm/mikro-orm/pull/7657",
"name": "https://github.com/mikro-orm/mikro-orm/pull/7657",
"tags": [
"x_refsource_MISC"
]
}
],
"metrics": [
{
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH"
}
}
]
},
"adp": [
{
"providerMetadata": {
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP",
"dateUpdated": "2026-05-26T17:40:52.485Z"
},
"title": "CISA ADP Vulnrichment",
"metrics": [
{}
]
}
]
}
}