Lucene search
+L

10 matches found

OSV
OSV
added 2026/06/23 6:18 p.m.6 views

DEBIAN-CVE-2026-52844

Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, on Windows, Caddy path matchers treat /private\secret.txt as outside /private/, but fileserver later resolves the same request path as private\secret.txt on disk. An unauthenticated remote client can bypass Caddy...

7.5CVSS5.9AI score0.00409EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/02/28 7:45 p.m.7 views

CVE-2026-2880

A vulnerability in @fastify/middie versions 9.2.0 can result in authentication/authorization bypass when using path-scoped middleware for example, app.use'/secret', auth. When Fastify router normalization options are enabled such as ignoreDuplicateSlashes, useSemicolonDelimiter, and related...

9.1CVSS5.9AI score0.0039EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/28 2:47 a.m.8 views

EUVD-2026-9049

@fastify/middie has Improper Path Normalization when Using Path-Scoped Middleware...

8.2CVSS5.9AI score0.0039EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/02/28 2:47 a.m.13 views

@fastify/middie has Improper Path Normalization when Using Path-Scoped Middleware

Summary A path normalization inconsistency in @fastify/middie can result in authentication/authorization bypass when using path-scoped middleware for example, app.use'/secret', auth. When Fastify router normalization options are enabled such as ignoreDuplicateSlashes, useSemicolonDelimiter, and...

9.1CVSS6AI score0.0039EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2026/02/28 2:47 a.m.7 views

GHSA-8P85-9QPW-FWGW @fastify/middie has Improper Path Normalization when Using Path-Scoped Middleware

Summary A path normalization inconsistency in @fastify/middie can result in authentication/authorization bypass when using path-scoped middleware for example, app.use'/secret', auth. When Fastify router normalization options are enabled such as ignoreDuplicateSlashes, useSemicolonDelimiter, and...

8.2CVSS6AI score0.0039EPSS
Exploits0References7
NVD
NVD
added 2026/02/27 7:16 p.m.8 views

CVE-2026-2880

A vulnerability in @fastify/middie versions 9.2.0 can result in authentication/authorization bypass when using path-scoped middleware for example, app.use'/secret', auth. When Fastify router normalization options are enabled such as ignoreDuplicateSlashes, useSemicolonDelimiter, and related...

9.1CVSS0.0039EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/27 6:25 p.m.25 views

CVE-2026-2880 @fastify/middie has an improper path normalization vulnerability

A vulnerability in @fastify/middie versions 9.2.0 can result in authentication/authorization bypass when using path-scoped middleware for example, app.use'/secret', auth. When Fastify router normalization options are enabled such as ignoreDuplicateSlashes, useSemicolonDelimiter, and related...

8.2CVSS0.0039EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/27 6:25 p.m.5 views

CVE-2026-2880

A vulnerability in @fastify/middie versions 9.2.0 can result in authentication/authorization bypass when using path-scoped middleware for example, app.use'/secret', auth. When Fastify router normalization options are enabled such as ignoreDuplicateSlashes, useSemicolonDelimiter, and related...

9.1CVSS5.9AI score0.0039EPSS
Exploits0References2
OSV
OSV
added 2026/02/27 6:25 p.m.7 views

CVE-2026-2880 @fastify/middie has an improper path normalization vulnerability

A vulnerability in @fastify/middie versions 9.2.0 can result in authentication/authorization bypass when using path-scoped middleware for example, app.use'/secret', auth. When Fastify router normalization options are enabled such as ignoreDuplicateSlashes, useSemicolonDelimiter, and related...

8.2CVSS5.9AI score0.0039EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/27 12:0 a.m.15 views

PT-2026-22377

Name of the Vulnerable Software and Affected Versions @fastify/middie versions prior to 9.2.0 Description A flaw exists in @fastify/middie that can lead to authentication or authorization bypass when path-scoped middleware is used, such as with app.use'/secret', auth. This occurs when Fastify...

8.2CVSS5.9AI score0.0039EPSS
Exploits0References10
Rows per page
Query Builder