641 matches found
CVE-2026-25223
CVE-2026-25223 affects the Fastify web framework for Node.js. Before version 5.7.2, a validation bypass allows an attacker to bypass request body validation by appending a tab character to the Content-Type header, causing the server to process the body as the original content type without proper ...
CVE-2026-25224
CVE-2026-25224 affects Fastify (Node.js). Before 5.7.3, a DoS can occur when a remote client sends a slow or non-reading request while the app returns a ReadableStream (or Web Stream) via reply.send(), causing unbounded buffering and possible memory exhaustion. Impact: server degradation or crash...
CVE-2026-25224 Fastify Vulnerable to DoS via Unbounded Memory Allocation in sendWebStream
Fastify is a fast and low overhead web framework, for Node.js. Prior to version 5.7.3, a denial-of-service vulnerability in Fastify’s Web Streams response handling can allow a remote client to exhaust server memory. Applications that return a ReadableStream or Response with a Web Stream body via...
CVE-2026-25224
Fastify is a fast and low overhead web framework, for Node.js. Prior to version 5.7.3, a denial-of-service vulnerability in Fastify’s Web Streams response handling can allow a remote client to exhaust server memory. Applications that return a ReadableStream or Response with a Web Stream body via...
EUVD-2026-5158
Fastify is a fast and low overhead web framework, for Node.js. Prior to version 5.7.3, a denial-of-service vulnerability in Fastify’s Web Streams response handling can allow a remote client to exhaust server memory. Applications that return a ReadableStream or Response with a Web Stream body via...
Fastify Security Vulnerability
Fastify is an open-source web framework developed by Fastify. Versions of Fastify prior to 5.7.2 contained security vulnerabilities. These vulnerabilities stemmed from a request body validation pattern that could be completely bypassed, allowing attackers to circumvent body validation...
Fastify Security Vulnerability
Fastify is an open-source web framework developed by Fastify. Versions of Fastify prior to 5.7.3 contained security vulnerabilities. These vulnerabilities were due to a denial-of-service vulnerability in the handling of Web Streams responses, which could potentially cause remote clients to consum...
Allocation of Resources Without Limits or Throttling
Overview: fastify is an overhead web framework, for Node.js. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the sendWebStream function. An attacker can cause excessive memory consumption by sending a slow or non-reading client request,...
@amedia/brick-mcp (>=0.0.0-vEXPORT-20260113150210 <=0.1.5), @andesite-lab/andesite-core (=1.60.2) +260 more potentially affected by CVE-2026-25224 via fastify (>=5.0.0-alpha.2 <=5.7.2)
fastify NPM version =5.0.0-alpha.2, =0.0.0-vEXPORT-20260113150210, =2.0.1, =1.1.1, =0.1.1, =0.1.1, =0.1.1, =0.0.35, =0.0.82, =0.0.1, =0.0.6, =0.1.68, =6.0.0, =0.2.305, =1.0.6, =1.0.22 and more Source cves: CVE-2026-25224 Source advisory: SNYK:JS-FASTIFY-15182641...
Fastify Vulnerable to DoS via Unbounded Memory Allocation in sendWebStream
Impact: A Denial of Service vulnerability in Fastify’s Web Streams response handling can allow a remote client to exhaust server memory. Applications that return a ReadableStream or Response with a Web Stream body via reply.send are impacted. A slow or non-reading client can trigger unbounded...
GHSA-MRQ3-VJJR-P77C Fastify Vulnerable to DoS via Unbounded Memory Allocation in sendWebStream
Impact: A Denial of Service vulnerability in Fastify’s Web Streams response handling can allow a remote client to exhaust server memory. Applications that return a ReadableStream or Response with a Web Stream body via reply.send are impacted. A slow or non-reading client can trigger unbounded...
03-api-solid (>=1.0.0 <=1.1.2), 0uth (>=1.0.5 <=1.2.1) +3727 more potentially affected by CVE-2026-25223 via fastify (>=0.21.0 <=5.7.1)
fastify NPM version =0.21.0, =1.0.0, =1.0.5, =1.0.0, =1.0.0, =0.0.0, =0.0.1, =1.0.3, =0.0.1, =0.1.66, =0.5.0, =1.3.0, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.2-canary.2 and more Source cves: CVE-2026-25223 Source advisory: OSV:GHSA-JX2C-RXCM-JVMQ...
@amedia/brick-mcp (>=0.0.0-vEXPORT-20260113150210 <=0.1.5), @andesite-lab/andesite-core (=1.60.2) +259 more potentially affected by CVE-2026-25223 via fastify (>=5.0.0-alpha.2 <=5.7.1)
fastify NPM version =5.0.0-alpha.2, =0.0.0-vEXPORT-20260113150210, =2.0.1, =1.1.1, =0.1.1, =0.1.1, =0.1.1, =0.0.35, =0.0.82, =0.0.1, =0.0.6, =0.1.68, =6.0.0, =0.2.305, =1.0.6, =1.0.22 and more Source cves: CVE-2026-25223 Source advisory: SNYK:JS-FASTIFY-15182642...
Interpretation Conflict
Overview: fastify is an overhead web framework, for Node.js. Affected versions of this package are vulnerable to Interpretation Conflict via the Content-Type header processing. An attacker can bypass body validation by appending a tab character \t and arbitrary content to the Content-Type header,...
GHSA-JX2C-RXCM-JVMQ Fastify's Content-Type header tab character allows body validation bypass
Impact: A validation bypass vulnerability exists in Fastify where request body validation schemas specified by Content-Type can be completely circumvented. By appending a tab character \t followed by arbitrary content to the Content-Type header, attackers can bypass body validation while the serve...
Fastify's Content-Type header tab character allows body validation bypass
Impact: A validation bypass vulnerability exists in Fastify where request body validation schemas specified by Content-Type can be completely circumvented. By appending a tab character \t followed by arbitrary content to the Content-Type header, attackers can bypass body validation while the serve...
PT-2026-6444
Impact: A validation bypass vulnerability exists in Fastify where request body validation schemas specified by Content-Type can be completely circumvented. By appending a tab character \t followed by arbitrary content to the Content-Type header, attackers can bypass body validation while the server...
PT-2026-6281
Name of the Vulnerable Software and Affected Versions: Fastify versions prior to 5.7.2. Description: Fastify is a web framework for Node.js. A validation bypass exists where request body validation schemas specified by Content-Type can be circumvented. Appending a tab character \t followed by arbitra...