641 matches found
CVE-2026-33805 @fastify/reply-from vulnerable to connection header abuse enabling stripping of proxy-added headers
@fastify/reply-from v12.6.1 and earlier and @fastify/http-proxy v11.4.3 and earlier process the client's Connection header after the proxy has added its own headers via rewriteRequestHeaders. This allows attackers to retroactively strip proxy-added headers from upstream requests by listing them i...
CVE-2026-33805 @fastify/reply-from vulnerable to connection header abuse enabling stripping of proxy-added headers
@fastify/reply-from v12.6.1 and earlier and @fastify/http-proxy v11.4.3 and earlier process the client's Connection header after the proxy has added its own headers via rewriteRequestHeaders. This allows attackers to retroactively strip proxy-added headers from upstream requests by listing them i...
CVE-2026-33805
CVE-2026-33805 affects @fastify/reply-from <= v12.6.1 and @fastify/http-proxy
CVE-2026-33807 @fastify/express vulnerable to middleware path doubling causing authentication bypass in child plugin scopes
@fastify/express v4.0.4 and earlier contains a path handling bug in the onRegister function that causes middleware paths to be doubled when inherited by child plugins. When a child plugin is registered with a prefix that matches a middleware path, the middleware path is prefixed a second time,...
CVE-2026-33807 @fastify/express vulnerable to middleware path doubling causing authentication bypass in child plugin scopes
@fastify/express v4.0.4 and earlier contains a path handling bug in the onRegister function that causes middleware paths to be doubled when inherited by child plugins. When a child plugin is registered with a prefix that matches a middleware path, the middleware path is prefixed a second time,...
CVE-2026-33807
@fastify/express v4.0.4 and earlier contains a path handling bug in the onRegister function that causes middleware paths to be doubled when inherited by child plugins. When a child plugin is registered with a prefix that matches a middleware path, the middleware path is prefixed a second time,...
CVE-2026-33807
CVE-2026-33807 affects @fastify/express v4.0.4 and earlier. A path handling bug in onRegister doubles middleware paths when inherited by child plugins, causing the middleware to never match requests. This results in complete bypass of Express middleware security controls (authentication, authoriz...
CVE-2026-33808
Impact@fastify/express v4.0.4 and earlier fails to normalize URLs before passing them to Express middleware when Fastify router normalization options are enabled. This allows complete bypass of path-scoped authentication middleware via duplicate slashes when ignoreDuplicateSlashes is enabled, or...
CVE-2026-33808 @fastify/express vulnerable to middleware authentication bypass via URL normalization gaps (duplicate slashes and semicolons)
Impact@fastify/express v4.0.4 and earlier fails to normalize URLs before passing them to Express middleware when Fastify router normalization options are enabled. This allows complete bypass of path-scoped authentication middleware via duplicate slashes when ignoreDuplicateSlashes is enabled, or...
CVE-2026-33808 @fastify/express vulnerable to middleware authentication bypass via URL normalization gaps (duplicate slashes and semicolons)
Impact@fastify/express v4.0.4 and earlier fails to normalize URLs before passing them to Express middleware when Fastify router normalization options are enabled. This allows complete bypass of path-scoped authentication middleware via duplicate slashes when ignoreDuplicateSlashes is enabled, or...
CVE-2026-33808
CVE-2026-33808 affects fastify/express. Root cause: @fastify/express v4.0.4 and earlier fail to normalize URLs before passing to Express middleware when Fastify router normalization is enabled, allowing bypass of path-scoped authentication via duplicate slashes or semicolon delimiters. Outcome: a...
CVE-2026-33806
Impact: Fastify applications using schema.body.content for per-content-type body validation can have validation bypassed entirely by prepending a space to the Content-Type header. The body is still parsed correctly but schema validation is skipped. This is a regression introduced in fastify = 5.3...
Improper Validation of Specified Type of Input
Overview fastify is an overhead web framework, for Node.js. Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input via the schema.body.content when a space is prepended to the Content-Type header. An attacker can bypass input validation by sending...
0uth (>=1.0.5 <=1.2.1), @___d/common (>=1.0.3 <=1.0.27) +2489 more potentially affected by CVE-2026-33806 via fastify (>=4.29.0 <=5.8.4)
fastify NPM version =4.29.0, =1.0.5, =1.0.3, =0.0.3, =1.0.0, =3.0.0, =0.1.0, =0.0.1, =0.1.0, =2.0.0, =1.0.1, =1.6.2, =1.0.3, =0.3.3, =0.7.3 and more Source cves: CVE-2026-33806 Source advisory: SNYK:JS-FASTIFY-16066793...
CVE-2026-33806 fastify vulnerable to Body Schema Validation Bypass via Leading Space in Content-Type Header
Impact: Fastify applications using schema.body.content for per-content-type body validation can have validation bypassed entirely by prepending a space to the Content-Type header. The body is still parsed correctly but schema validation is skipped. This is a regression introduced in fastify = 5.3...
CVE-2026-33806
Impact: Fastify applications using schema.body.content for per-content-type body validation can have validation bypassed entirely by prepending a space to the Content-Type header. The body is still parsed correctly but schema validation is skipped. This is a regression introduced in fastify = 5.3...
CVE-2026-33806 fastify vulnerable to Body Schema Validation Bypass via Leading Space in Content-Type Header
Impact: Fastify applications using schema.body.content for per-content-type body validation can have validation bypassed entirely by prepending a space to the Content-Type header. The body is still parsed correctly but schema validation is skipped. This is a regression introduced in fastify = 5.3...
CVE-2026-33806
Summary: CVE-2026-33806 affects Fastify where, in applications using schema.body.content, a leading space in the Content-Type header can bypass per-content-type body validation while the body is parsed normally. This is a regression introduced in Fastify >= 5.3.2 as a follow-up to CVE-2025-324...
@fastify/express 安全漏洞
@fastify/express is a compatibility plugin developed by Fastify. Versions of @fastify/express 4.0.4 and earlier contain security vulnerabilities. These vulnerabilities stem from errors in path handling within the onRegister function, which cause the middleware paths to be added repeatedly when...
PT-2026-33035
Name of the Vulnerable Software and Affected Versions @fastify/express versions prior to 4.0.5 Description An issue exists where the software fails to normalize URLs before passing them to Express middleware when Fastify router normalization options are enabled. This allows an unauthenticated...