2 matches found
CVE-2026-16117
creationtimestamp| type| source ---|---|--- 2026-07-18 13:14:19+00:00| seen| https://bsky.app/profile/ulisesgascon.com/post/3mqwdtonr6k25 2026-07-18 14:36:06+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqwifxu7mz2z 2026-07-18 15:00:46+00:00| seen|...
CVE-2026-16117
The CVE concerns @fastify/http-proxy (affected: up to 11.5.0) where URL prefix rewriting fails when the prefix segment is URL-encoded. Fastify decodes paths for route matching, but request.url keeps the original encoded form. The prefixRewrite step compares against the decoded prefix using a lite...