3 matches found
Fastify has a Body Schema Validation Bypass via Leading Space in Content-Type Header
Summary: A validation bypass vulnerability exists in Fastify v5.x where request body validation schemas specified via schema.body.content can be completely circumvented by prepending a single space character (\x20) to the Content-Type header. The body is still parsed correctly as JSON or any other...
CVE-2026-33806 fastify vulnerable to Body Schema Validation Bypass via Leading Space in Content-Type Header
Impact: Fastify applications using schema.body.content for per-content-type body validation can have validation bypassed entirely by prepending a space to the Content-Type header. The body is still parsed correctly but schema validation is skipped. This is a regression introduced in fastify = 5.3...
PT-2022-17492 · Apache · Apache Apisix
Name of the Vulnerable Software and Affected Versions: Apache APISIX versions prior to 2.13.0 Description: The issue allows an attacker to bypass body schema validation in the request-validation plugin by passing a JSON with a duplicate key. This can be achieved by sending a JSON payload such as...