2 matches found
CVE-2026-25223 Fastify's Content-Type header tab character allows body validation bypass
Fastify is a fast and low overhead web framework, for Node.js. Prior to version 5.7.2, a validation bypass vulnerability exists in Fastify where request body validation schemas specified by Content-Type can be completely circumvented. By appending a tab character \t followed by arbitrary content ...
Fastify's Content-Type header tab character allows body validation bypass
Impact A validation bypass vulnerability exists in Fastify where request body validation schemas specified by Content-Type can be completely circumvented. By appending a tab character \t followed by arbitrary content to the Content-Type header, attackers can bypass body validation while the serve...