CVE-2026-33807 @fastify/express vulnerable to middleware path doubling causing authentication bypass in child plugin scopes

@fastify/express v4.0.4 and earlier contains a path handling bug in the onRegister function that causes middleware paths to be doubled when inherited by child plugins. When a child plugin is registered with a prefix that matches a middleware path, the middleware path is prefixed a second time,...