CVE-2026-33131 h3 has a middleware bypass with one gadget

H3 is a minimal HTTP framework. Versions 2.0.0-0 through 2.0.1-rc.14 contain a Host header spoofing vulnerability in the NodeRequestUrl which extends FastURL which allows middleware bypass. When event.url, event.url.hostname, or event.url.url is accessed, such as in a logging middleware, the url...

H3 安全漏洞

H3 is an open-source HTTP framework developed by H3. Versions 2.0.0-0 to 2.0.1-rc.14 of H3 contain security vulnerabilities. These vulnerabilities stem from a Host header spoofing issue in NodeRequestUrl, which may allow middleware to bypass security checks...