CVE-2026-27953P2CRITICALCVSS 9.8fixed in 0.23.12026-03-19
CVE-2026-27953 [CRITICAL] CWE-20 CVE-2026-27953: ormar is a async mini ORM for Python. Versions 0.23.0 and below are vulnerable to Pydantic validatio
ormar is a async mini ORM for Python. Versions 0.23.0 and below are vulnerable to Pydantic validation bypass through the model constructor, allowing any unauthenticated user to skip all field validation by injecting "__pk_only__": true into a JSON request body. By injecting "__pk_only__": true into a JSON request body, an unauthenticated attacker c
nvd