9 matches found

NVD
added 2026/05/08 4:16 p.m. · 5 views

CVE-2026-41690

i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. Versions prior to 3.9.3 allow an unauthenticated HTTP client to pollute Object.prototype in the Node.js process hosting the middleware, via two unvalidated entry points that...

CVSS 8.6 · EPSS 0.00099
Exploits: 0 · References: 1
RedhatCVE
added 2026/02/04 3:43 a.m. · 3 views

CVE-2026-25223

A flaw was found in Fastify, a web framework for Node.js. A remote attacker can exploit a validation bypass vulnerability by appending a tab character followed by arbitrary content to the Content-Type header. This circumvents the request body validation schemas, allowing the server to process the...

CVSS 7.5 · AI score 5.3 · EPSS 0.0002
Exploits: 0 · References: 9
CNNVD
added 2026/02/03 12:0 a.m. · 2 views

Fastify security vulnerability

Fastify is an open-source web framework developed by Fastify. Versions of Fastify prior to 5.7.3 contained security vulnerabilities. These vulnerabilities were due to a denial-of-service vulnerability in the handling of Web Streams responses, which could potentially cause remote clients to consum...

CVSS 3.7 · AI score 5.8 · EPSS 0.00017
Exploits: 0 · References: 3
NVD
added 2025/04/18 4:15 p.m. · 14 views

CVE-2025-32442

Fastify is a fast and low overhead web framework, for Node.js. In versions 5.0.0 to 5.3.0 as well as version 4.29.0, applications that specify different validation strategies for different content types have a possibility to bypass validation by providing a slightly altered content type such as...

CVSS 7.5 · EPSS 0.00069
Exploits: 1 · References: 4
OSV
added 2025/04/18 3:59 p.m. · 12 views

CVE-2025-32442 Fastify vulnerable to invalid content-type parsing, which could lead to validation bypass

Fastify is a fast and low overhead web framework, for Node.js. In versions 5.0.0 to 5.3.0 as well as version 4.29.0, applications that specify different validation strategies for different content types have a possibility to bypass validation by providing a slightly altered content type such as...

CVSS 7.5 · AI score 7.3 · EPSS 0.00069
Exploits: 1 · References: 6
RedhatCVE
added 2025/02/05 7:33 p.m. · 6 views

CVE-2022-39288

fastify is a fast and low overhead web framework, for Node.js. Affected versions of fastify are subject to a denial of service via malicious use of the Content-Type header. An attacker can send an invalid Content-Type header that can cause the application to crash. This issue has been addressed i...

CVSS 7.5 · AI score 6.6 · EPSS 0.05907
Exploits: 0 · References: 1
CNNVD
added 2023/07/04 12:0 a.m. · 2 views

Fastify cross-site request forgery vulnerability

Fastify is an OpenJS Foundation open source web framework for Node.js. A security vulnerability exists in Fastify oauth2 that stems from the use of statically generated state parameters in all user requests...

CVSS 8.8 · AI score 7.7 · EPSS 0.01313
Exploits: 1 · References: 5
Prion
added 2022/10/10 9:15 p.m. · 18 views

Design/Logic Flaw

fastify is a fast and low overhead web framework, for Node.js. Affected versions of fastify are subject to a denial of service via malicious use of the Content-Type header. An attacker can send an invalid Content-Type header that can cause the application to crash. This issue has been addressed i...

CVSS 5 · AI score 7.4 · EPSS 0.05907
Exploits: 0 · References: 3 · Affected Software: 1
Positive Technologies
added 2022/10/10 12:0 a.m. · 1 views

PT-2022-24871 · Fastify · Fastify

Name of the Vulnerable Software and Affected Versions: fastify versions 4.0.0 through 4.8.0
Description: The issue allows an attacker to send an invalid Content-Type header, potentially causing the application to crash and leading to a denial of service attack. It is estimated that a significant...

CVSS 7.5 · AI score 7.4 · EPSS 0.05907
Exploits: 0 · References: 8