2 matches found
0uth (>=1.0.5 <=1.2.1), @___d/common (>=1.0.3 <=1.0.27) +2466 more potentially affected by CVE-2026-33806 via fastify (>=4.29.0 <=5.8.4)
fastify NPM version =4.29.0, =1.0.5, =1.0.3, =0.0.3, =1.0.0, =3.0.0, =0.1.0, =0.0.1, =0.1.0, =2.0.0, =1.0.1, =1.6.2, =1.0.3, =0.3.3, =0.7.3 and more Source cves: CVE-2026-33806 Source advisory: SNYK:JS-FASTIFY-16066793...
CVE-2026-33806 fastify vulnerable to Body Schema Validation Bypass via Leading Space in Content-Type Header
Impact: Fastify applications using schema.body.content for per-content-type body validation can have validation bypassed entirely by prepending a space to the Content-Type header. The body is still parsed correctly but schema validation is skipped. This is a regression introduced in fastify = 5.3...