2 matches found
UBUNTU-CVE-2026-13676
fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode IDN hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does not exist on the global URL constructor, silently leaving the host in its original Unicode form while normalize and equal still return...
CVE-2026-13676
The CVE concerns the fast-uri library (versions 2.3.1–3.1.2 and 4.0.0) where the IDN host canonicalization path fails to normalize Unicode hosts for HTTP URLs. A helper used in IDN conversion does not exist on the global URL constructor, leaving the host in Unicode form while normalize() and equa...