GHSA-72C6-FX6Q-FR5W @fastify/middie vulnerable to middleware authentication bypass in child plugin scopes

Impact @fastify/middie v9.3.1 and earlier incorrectly re-prefixes middleware paths when propagating them to child plugin scopes. When a child plugin is registered with a prefix that overlaps with a parent-scoped middleware path, the middleware path is modified during inheritance and silently fail...

EUVD-2026-23241

@fastify/middie vulnerable to middleware authentication bypass in child plugin scopes...

@fastify/middie vulnerable to middleware authentication bypass in child plugin scopes

Impact @fastify/middie v9.3.1 and earlier incorrectly re-prefixes middleware paths when propagating them to child plugin scopes. When a child plugin is registered with a prefix that overlaps with a parent-scoped middleware path, the middleware path is modified during inheritance and silently fail...

CVE-2026-6270

Summary : The vulnerability affects the Node.js module @fastify/middie, specifically versions 9.3.1 and earlier. The root cause is that inherited middleware is not registered on child plugin engine instances, so when a Fastify app registers authentication middleware in a parent scope and then loa...

CVE-2026-6270 @fastify/middie vulnerable to middleware authentication bypass in child plugin scopes

@fastify/middie versions 9.3.1 and earlier do not register inherited middleware directly on child plugin engine instances. When a Fastify application registers authentication middleware in a parent scope and then registers child plugins with @fastify/middie, the child scope does not inherit the...

CVE-2026-6270 @fastify/middie vulnerable to middleware authentication bypass in child plugin scopes

@fastify/middie versions 9.3.1 and earlier do not register inherited middleware directly on child plugin engine instances. When a Fastify application registers authentication middleware in a parent scope and then registers child plugins with @fastify/middie, the child scope does not inherit the...