Lucene search
+L

49 matches found

nvd
nvd
added 2026/07/01 12:16 p.m.8 views

CVE-2026-14198

@fastify/middie versions 9.1.0 through 9.3.2 decode the encoded slash %2F inside path parameter values before matching middleware paths, while Fastify's underlying router preserves the encoding during route lookup. The two layers disagree on the canonical request path, so the middleware fails to...

9.1CVSS0.00299EPSS
Exploits0References2
euvd
euvd
added 2026/07/01 11:29 a.m.9 views

EUVD-2026-40946

@fastify/middie versions 9.1.0 through 9.3.2 decode the encoded slash %2F inside path parameter values before matching middleware paths, while Fastify's underlying router preserves the encoding during route lookup. The two layers disagree on the canonical request path, so the middleware fails to...

9.1CVSS5.8AI score0.00299EPSS
Exploits0References2
cve
cve
added 2026/07/01 11:29 a.m.33 views

CVE-2026-14198

The CVE-2026-14198 entry concerns @fastify/middie versions 9.1.0–9.3.2, where encoded slashes (%2F) in path parameter values are decoded by middie but not by Fastify’s router during route lookup. This mismatch lets a crafted URL bypass middleware-based security (authentication/authorization/rate ...

9.1CVSS5.8AI score0.00299EPSS
Exploits0References2Affected Software1
osv
osv
added 2026/07/01 11:29 a.m.4 views

CVE-2026-14198 @fastify/middie vulnerable to authorization bypass via encoded slash in path parameter values

@fastify/middie versions 9.1.0 through 9.3.2 decode the encoded slash %2F inside path parameter values before matching middleware paths, while Fastify's underlying router preserves the encoding during route lookup. The two layers disagree on the canonical request path, so the middleware fails to...

9.1CVSS6AI score0.00299EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/07/01 12:0 a.m.10 views

PT-2026-54639

Name of the Vulnerable Software and Affected Versions @fastify/middie versions 9.1.0 through 9.3.2 Description An authorization bypass occurs because the software decodes the encoded slash %2F within path parameter values before matching middleware paths, whereas the underlying router preserves...

9.1CVSS5.8AI score0.00299EPSS
Exploits0References6
cve
cve
added 2026/06/26 4:15 p.m.19 views

CVE-2026-55677

Echo (Go framework) prior to 4.15.3 and 5.2.0 has a router vs static file handler decoding mismatch: the router uses the raw encoded path while StaticDirectoryHandler unescapes %2F to /, enabling bypass of route-level access controls to read static files without authorization. The vulnerability i...

7.5CVSS5.8AI score0.0043EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/26 4:15 p.m.36 views

CVE-2026-55677 Echo: Encoded slash (%2F) bypasses route-level protection and exposes static files

Echo is a Go web framework. Prior to 4.15.3 and 5.2.0, Echo's router and static file handler disagree on URL path decoding. The router matches routes using the raw encoded path preserving %2F as-is, while StaticDirectoryHandler unescapes %2F to / before resolving filesystem paths. This allows an...

7.5CVSS0.0043EPSS
Exploits0References1
osv
osv
added 2026/06/26 4:15 p.m.3 views

CVE-2026-55677 Echo: Encoded slash (%2F) bypasses route-level protection and exposes static files

Echo is a Go web framework. Prior to 4.15.3 and 5.2.0, Echo's router and static file handler disagree on URL path decoding. The router matches routes using the raw encoded path preserving %2F as-is, while StaticDirectoryHandler unescapes %2F to / before resolving filesystem paths. This allows an...

7.5CVSS6AI score0.0043EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/06/19 8:26 p.m.8 views

CVE-2026-50559

Quarkus is a Java framework for building cloud-native applications. Prior to versions 3.37.0, 3.36.3, 3.33.2.1, 3.33.3, 3.27.4.1, 3.27.5, and 3.20.6.2, Quarkus HTTP path-based authorization policies can be bypassed using encoded semicolons %3B to smuggle matrix parameters past the security layer,...

7.5CVSS5.8AI score0.00463EPSS
Exploits1References2Affected Software1
cvelist
cvelist
added 2026/06/09 11:7 p.m.39 views

CVE-2026-44716 Pipecat: Path Traversal in Pipecat Runner `/files` Endpoint — Arbitrary File Read via `%2F`-Encoded Separator

Pipecat is an open-source Python framework for building real-time voice and multimodal conversational agents. From version 0.0.90 to before version 1.2.0, a path traversal vulnerability exists in Pipecat's development runner src/pipecat/runner/run.py. When the runner is started with the --folder...

7.5CVSS0.00423EPSS
Exploits1References4
osv
osv
added 2026/05/15 4:55 p.m.13 views

GHSA-3363-2PH6-35WH Pipecat: Path Traversal in Pipecat Runner `/files` Endpoint — Arbitrary File Read via `%2F`-Encoded Separator

Summary A path traversal vulnerability exists in Pipecat's development runner src/pipecat/runner/run.py. When the runner is started with the --folder flag, it exposes a GET /files/filename:path download endpoint. The filename path parameter is concatenated directly onto args.folder with no...

7.5CVSS5.9AI score0.00423EPSS
Exploits1References6
redhatcve
redhatcve
added 2026/05/13 8:23 p.m.11 views

CVE-2026-42882

oxyno-zeta/s3-proxy is an aws s3 proxy written in go. Prior to 5.0.0, s3-proxy contains an authentication bypass caused by inconsistent URL path interpretation between the authentication middleware and the bucket handler. The authentication middleware evaluates resource path patterns against the...

9.4CVSS5.8AI score0.00554EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/05/05 12:0 a.m.13 views

PT-2026-37288

Name of the Vulnerable Software and Affected Versions s3-proxy versions prior to 0.0.0-20260424211602-1320e4abd46a Description Inconsistent URL path normalization and routing logic lead to authorization bypasses, allowing unauthenticated access to protected objects. The issues stem from a mismatc...

9.4CVSS5.8AI score0.00554EPSS
Exploits0References9
vulnrichment
vulnrichment
added 2026/03/27 7:50 p.m.4 views

CVE-2026-33868 Mastodon has a GET-Based Open Redirect via '/web/%2F<domain>'

Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.5.8, 4.4.15, and 4.3.21, an unauthenticated Open Redirect vulnerability CWE-601 exists in the /web/ route due to improper handling of URL-encoded path segments. An attacker can craft a specially encode...

4.3CVSS6AI score0.00515EPSS
Exploits0References1
osv
osv
added 2026/03/27 7:50 p.m.7 views

CVE-2026-33868 Mastodon has a GET-Based Open Redirect via '/web/%2F<domain>'

Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.5.8, 4.4.15, and 4.3.21, an unauthenticated Open Redirect vulnerability CWE-601 exists in the /web/ route due to improper handling of URL-encoded path segments. An attacker can craft a specially encode...

4.3CVSS6AI score0.00515EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/03/19 10:6 p.m.2 views

CVE-2026-32004

OpenClaw versions prior to 2026.3.2 contain an authentication bypass vulnerability in the /api/channels route classification due to canonicalization depth mismatch between auth-path classification and route-path canonicalization. Attackers can bypass plugin route authentication checks by submitti...

8.3CVSS5.8AI score0.00297EPSS
Exploits0References7
nvd
nvd
added 2026/03/06 6:16 p.m.9 views

CVE-2026-29087

@hono/node-server allows running the Hono application on Node.js. Prior to version 1.19.10, when using @hono/node-server's static file serving together with route-based middleware protections e.g. protecting /admin/, inconsistent URL decoding can allow protected static resources to be accessed...

7.5CVSS0.00327EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/03/04 10:9 p.m.4 views

CVE-2026-29045 Hono: Arbitrary file access via serveStatic vulnerability

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, when using serveStatic together with route-based middleware protections e.g. app.use'/admin/', ..., inconsistent URL decoding allowed protected static resources to be accessed without...

7.5CVSS5.8AI score0.00437EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/03/04 12:0 a.m.7 views

PT-2026-23096

Name of the Vulnerable Software and Affected Versions @hono/node-server versions prior to 1.19.10 Description @hono/node-server allows running the Hono application on Node.js. When using static file serving with route-based middleware protections, inconsistent URL decoding can allow protected...

7.5CVSS5.8AI score0.00327EPSS
Exploits0References4
hackerone
hackerone
added 2025/12/15 7:45 a.m.48 views

curl: Path Traversal Bypass in file:// URLs Due to Incomplete URL-Encoded Path Normalization

Summary: The dedotdotify function in lib/urlapi.c is responsible for removing path traversal sequences ../ and ./ from URLs according to RFC 3986. However, the function only recognizes literal forward slashes / when identifying path segments and does not handle URL-encoded slashes %2f or %2F. Thi...

7.1AI score
Exploits0
Rows per page
Query Builder