8 matches found

RedhatCVE
added 2026/06/05 7:17 p.m. | 6 views

CVE-2026-33804

@fastify/middie versions 9.3.1 and earlier are vulnerable to middleware bypass when the deprecated Fastify ignoreDuplicateSlashes option is enabled. The middleware path matching logic does not account for duplicate slash normalization performed by Fastify's router, allowing requests with duplicat...

CVSS 9.1 | AI score 5.4 | EPSS 0.00278
Exploits: 0 | References: 1

Snyk
added 2026/04/16 10:29 p.m. | 1 views

Interpretation Conflict

Overview: @fastify/middie is a Middleware engine for Fastify. Affected versions of this package are vulnerable to Interpretation Conflict in the propagation of middleware paths to child plugin scopes due to incorrect re-prefixing. An attacker can gain unauthorized access to protected routes by...

CVSS 9.3 | AI score 5.7 | EPSS 0.00498
Exploits: 1 | References: 2

EUVD
added 2026/04/16 10:28 p.m. | 3 views

EUVD-2026-23235

@fastify/middie vulnerable to middleware bypass via deprecated ignoreDuplicateSlashes option...

CVSS 7.4 | AI score 5.8 | EPSS 0.00278
Exploits: 0 | References: 3

OSV
added 2026/04/16 10:28 p.m. | 1 views

GHSA-V9WW-2J6R-98Q6 @fastify/middie vulnerable to middleware bypass via deprecated ignoreDuplicateSlashes option

Impact: @fastify/middie v9.3.1 and earlier does not read the deprecated but still functional top-level ignoreDuplicateSlashes option, only reading from routerOptions. This creates a normalization gap: Fastify's router normalizes duplicate slashes but middie does not, allowing middleware bypass via...

CVSS 7.4 | AI score 5.8 | EPSS 0.00278
Exploits: 0 | References: 4

Github Security Blog
added 2026/04/16 10:28 p.m. | 4 views

@fastify/middie vulnerable to middleware bypass via deprecated ignoreDuplicateSlashes option

Impact: @fastify/middie v9.3.1 and earlier does not read the deprecated but still functional top-level ignoreDuplicateSlashes option, only reading from routerOptions. This creates a normalization gap: Fastify's router normalizes duplicate slashes but middie does not, allowing middleware bypass via...

CVSS 9.1 | AI score 5.8 | EPSS 0.00278
Exploits: 0 | References: 4 | Affected Software: 1

Vulnrichment
added 2026/04/16 1:56 p.m. | 1 views

CVE-2026-33804 @fastify/middie vulnerable to middleware bypass via deprecated ignoreDuplicateSlashes option

@fastify/middie versions 9.3.1 and earlier are vulnerable to middleware bypass when the deprecated Fastify ignoreDuplicateSlashes option is enabled. The middleware path matching logic does not account for duplicate slash normalization performed by Fastify's router, allowing requests with duplicat...

CVSS 7.4 | AI score 5.8 | EPSS 0.00278
Exploits: 0 | References: 2

ATTACKERKB
added 2026/04/16 1:56 p.m. | 3 views

CVE-2026-33804

@fastify/middie versions 9.3.1 and earlier are vulnerable to middleware bypass when the deprecated Fastify ignoreDuplicateSlashes option is enabled. The middleware path matching logic does not account for duplicate slash normalization performed by Fastify's router, allowing requests with duplicat...

CVSS 7.4 | AI score 5.8 | EPSS 0.00278
Exploits: 0 | References: 3

Positive Technologies
added 2026/04/16 12:0 a.m. | 1 views

PT-2026-33320

Name of the Vulnerable Software and Affected Versions: @fastify/middie versions prior to 9.3.2. Description: Inherited middleware is not registered directly on child plugin engine instances. When authentication middleware is registered in a parent scope and child plugins are registered with...

CVSS 9.1 | AI score 5.8 | EPSS 0.00498
Exploits: 1 | References: 16